Computer Security

Security Advisory: sharedlog CMS Remote File Includes
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  Aria-Security.com: Saba 2.0 Cross Site Scripting [PASSIVE]

  PHP-Nuke  Module  BookCatalog (category&cat
id) Remote SQL injection Vulnerability

  IranMC  ( detail.php?Kala ) Remote SQL injection Vulnerability

  PHP-Nuke Module Sectionsnew (printpage&ar
tid) Remote SQL injection Vulnerability

From:joseph.giron13_(at)_gmail.com <joseph.giron13_(at)_gmail.com>
Date:01.11.2008
Subject:sharedlog CMS Remote File Includes

I have discovered a remote file include vulnerability in the sharedlog Content management system.

http://www.shatm.com/
http://sourceforge.net/projects/sharedlog/

Vulnerable code segment:
require_once($GLOBALS['root_dir'].'classes/!class.memcache.inc.
php');
Line 5 of slideshow_uploadvideo.content.php

As usual,Successful exploitation requires that "register_globals" is enabled.

Happy hacking.

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru