Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:16865
HistoryApr 28, 2007 - 12:00 a.m.

blogsystem 1.4 >> local & remote = -rfi & lfi & -xss

2007-04-2800:00:00
vulners.com
19

demo: blog23.com
by : hackerz.ir userz !
ADMIN/index.php include($category."/".$folder."".$page.".php");
ADMIN/index.php include($category."/".$action.".php");
ADMIN/login.php include($lngTexts);
ADMIN/login.php include($lngConfig);
BO/index.php include($category."/".$folder."
".$page.".php");
BO/index.php include($category."/".$action.".php");
BO/login.php include($lngTexts);
BO/login.php include($lngConfig);
for example remote :
++++++++++++++++++++++++++
login to your user after that u can user exploit >
ADMIN/index.php include($category."/".$folder."_".$page.".php");
+++++++++++++++++++++++++
local file include & remote file include in admin panel
BO/login.php include($lngTexts);
BO/login.php include($lngConfig);