HitWeb v3.0 - Remote File Include Vulnerabilities Sep 15 2006 09:37PM
erne ernealizm com (1 replies)
Re: HitWeb v3.0 - Remote File Include Vulnerabilities Sep 20 2006 09:12PM
Carsten Eilers (ceilers-lists gmx de)
Hi,

erne (at) ernealizm (dot) com [email concealed] wrote on Fri, 15 Sep 2006 21:37:15 +0000:

># HitWeb v3.0 - Remote File Include Vulnerabilities
>
># site : http://www.comscripts.com/jump.php?action=script&id=12
>
># Vulnerable :
>
> http://www.site.com/[path]/index.php?REP_CLASS=[shell]

$REP_CLASS is initialized in conf/hitweb.conf, which is
included at the top of this script. After that there is
no manipulation possible, so there is no vulnerability.

Same for the other reported scripts.

Where did you test this?
If you found vulnerable servers, the phpconfig() of these
could be helpful.

Regards
Carsten

--
Dipl.-Inform. Carsten Eilers
IT Security and Data Protection

<http://www.ceilers-it.de>
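
Added example, not part of the original thread and not HitWeb's code: a small Python triage check for the argument made in the reply, that a variable assigned by an earlier include (conf/hitweb.conf) is already initialized when it is later used in an include path. The PHP sample sources, the file name lib.php and the function name first_dynamic_include are constructed for illustration.

```python
import re

# include/require statement and its path expression
INCLUDE = re.compile(r'\b(?:include|require)(?:_once)?\s*\(?\s*(.+?)\s*\)?\s*;')
# path that is one plain string literal, e.g. "conf/hitweb.conf"
LITERAL = re.compile(r'''^(["'])([^"'$]+)\1$''')

def first_dynamic_include(files, entry, var):
    """Find the first include/require whose path uses $var.

    Returns (file, line_no, initialized) or None. Lines are visited in
    execution order, descending into includes with literal paths.
    Heuristic: line-based, ignores control flow, so use it for triage only.
    """
    assign = re.compile(r'\$' + re.escape(var) + r'\s*=(?!=)')
    use = re.compile(r'\$' + re.escape(var) + r'\b')
    assigned = False

    def walk(name, seen):
        nonlocal assigned
        if name in seen or name not in files:
            return None
        for no, line in enumerate(files[name].splitlines(), 1):
            m = INCLUDE.search(line)
            if m and use.search(m.group(1)):
                # False here means nothing in the script set $var first,
                # so its value could come from outside the script.
                return (name, no, assigned)
            lit = LITERAL.match(m.group(1)) if m else None
            if lit:
                hit = walk(lit.group(2), seen | {name})
                if hit:
                    return hit
            elif assign.search(line):
                assigned = True
        return None

    return walk(entry, frozenset())

# Constructed sample sources, not HitWeb's real code.
SAFE = {
    "index.php": '<?php\ninclude("conf/hitweb.conf");\ninclude($REP_CLASS . "lib.php");\n',
    "conf/hitweb.conf": '<?php\n$REP_CLASS = "/srv/hitweb/class/";\n',
}
UNSAFE = {"index.php": '<?php\ninclude($REP_CLASS . "lib.php");\n'}

if __name__ == "__main__":
    print(first_dynamic_include(SAFE, "index.php", "REP_CLASS"))
    print(first_dynamic_include(UNSAFE, "index.php", "REP_CLASS"))
```

A result with `initialized` set to True matches the situation described in the reply; False marks a script where the include path variable is used before anything in the code assigns it.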

Copyright 2010, SecurityFocus