| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 25 Jan 2007 08:34:30 -0600 From: str0ke <str0ke@...w0rm.com> To: "me you" <r.5.7@...mail.com> Cc: submit@...w0rm.com, bugtraq@...urityfocus.com Subject: Re: phpCOIN <= RC-1 (modules/mail/index.php) Remote File Include Vulnerability Well the include is there but I don't see you getting passed the fatal error one line up since the function get_security_flags() doesn't exist. /str0ke On 1/25/07, me you <r.5.7@...mail.com> wrote: > ################################################ > > phpCOIN <= RC-1 (modules/mail/index.php) Remote File Include Vulnerability > > Script: phpCOIN > > Version: RC-1 > > URL: http://www.phpcoin.com/coin_modules/downloads/dload.php?id=1 > > Found by: Born To K!LL > > ################################################ > > Bug in : > > modules/mail/index.php > > code : > > Include module functions file > include( $_CCFG['_PKG_PATH_MDLS']."$mod/$mod"."_funcs.php"); > > ################################################ > > Explo!T: > ^^^^^ > modules/mail/index.php?_CCFG['_PKG_PATH_MDLS']=[SHe1L-CoDe] > > GreeTz To : > > Dr.2 , Asbmay , General C , str0ke , SHiKaA , ThE-LoRd-Of-CrAcKiNg , m0d ... > > ################################################ > > _________________________________________________________________ > Express yourself instantly with MSN Messenger! Download today it's FREE! > http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ > >
Powered by blists - more mailing lists