Дополнительная информация

Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )

TikiWiki php injection

Vulnerabilities

LedgerSMB < 1.2.8, SQL-Ledger 2.x Multiple SQL Injection Issues

DNewsWeb Softwares Cross Site Scripting Vulrnability

From:	Advisory_(at)_Aria-Security.net <Advisory_(at)_Aria-Security.net>
Date:	10 октября 2007 г.
Subject:	Viart Shopping Cart Directory Transversal Vuln

Aria-Security Team

----------------------

Viart Shopping Cart Directory Transversal Vuln

Vendor:

http://www.viart.com/

POC:

function createCertFingerprint($filename) {

$fp = fopen($filename, "r");

http://target/path/payments/ideal_process.php

Credits Goes To Aria-Security Team

Thanks To Aura

Regards,

The-0utl4w

http://Aria-Security.Net [Aria-Security's Website]