Message-ID: <45D603DC.3010400@securityglobal.net>
Date: Fri, 16 Feb 2007 14:19:56 -0500
From: Stuart Moore <smoore.bugtraq@...urityglobal.net>
To: bugtraq@...urityfocus.com
Subject: false: Plume CMS 1.2.2 < = RFi Vulnerabilities

No RFI here, because 'path.php' defines the allegedly vulnerable parameter.

Stuart


> plume\manager\articles.php:
> 
> require_once 'path.php';
> require_once $_PX_config['manager_path'].'/prepend.php';
> require_once $_PX_config['manager_path'].'/inc/class.article.php';
> 
> path.php:
> 
> $_PX_config['manager_path'] = dirname(__FILE__);
> 
> 
> 
> ------
> 
> ##################################################################
> #Plume CMS 1.2.2 < = RFi Vulnerabilities
> #
> #Download : 
> http://prdownloads.sourceforge.net/pxsystem/plume-1.2.2.zip?download
> #
> #Script Name : Plume CMS 1.2.2
> #
> #
> ##################################################################
> #
> #Coded By : KaRTaL
> #
> #
> #Contact : k4rtal[at]gmail[dot]com
> #
> #
> ##################################################################
> #
> #V.Code in : plume\manager\articles.php
> #
> #
> #         require_once 
> $_PX_config['manager_path'].'/inc/class.article.php';
> #
> #
> #Exploit : 
> www.target.com/manager/articles.php?_PX_config[manager_path]=[shell]
> #
> #
> ##################################################################
> #
> #
> #Gretz : TiT , Doublekickx , str0ke , DermanTukr , M3rhametsiz , CaCa , 
> Gurkan142 , www.istikla-team.org
> #
> #
> #
> #
> ##################################################################
> 
> 
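
Added example (not part of the original message or of Plume CMS): a small Python triage check for this kind of RFI report. It walks the entry script in order, follows literal includes, and flags an include only when its path variable has no unconditional assignment beforehand. The helper name audit and the SOURCES sample, built from the lines quoted in the message, are assumptions for illustration.

```python
import re

# Constructed sample: the lines quoted in the message, not the full Plume sources.
SOURCES = {
    "articles.php": (
        "<?php\n"
        "require_once 'path.php';\n"
        "require_once $_PX_config['manager_path'].'/prepend.php';\n"
        "require_once $_PX_config['manager_path'].'/inc/class.article.php';\n"
    ),
    "path.php": "<?php\n$_PX_config['manager_path'] = dirname(__FILE__);\n",
}

VAR = r"\$\w+(?:\[[^\]]+\])*"                       # $name or $name['key']
ASSIGN = re.compile(rf"^\s*({VAR})\s*=[^=]")         # plain assignment, not ==
INCLUDE = re.compile(r"^\s*(?:require|include)(?:_once)?\b\s*\(?\s*(.*?)\s*\)?\s*;")
LITERAL = re.compile(r"^['\"]([^'\"$]+)['\"]$")      # include of a fixed file name


def audit(entry, sources, assigned=None, findings=None):
    """Return (file, line, variable) for includes whose path variable is unset."""
    assigned = set() if assigned is None else assigned
    findings = [] if findings is None else findings
    depth = 0  # brace depth: an assignment inside a block may not execute
    for lineno, line in enumerate(sources[entry].splitlines(), 1):
        inc = INCLUDE.match(line)
        asg = ASSIGN.match(line)
        if inc:
            lit = LITERAL.match(inc.group(1))
            if lit and lit.group(1) in sources:
                audit(lit.group(1), sources, assigned, findings)  # follow include
            for var in re.findall(VAR, inc.group(1)):
                base = var.split("[")[0]  # whole-array assignment also counts
                if var not in assigned and base not in assigned:
                    findings.append((entry, lineno, var))
        elif asg and depth == 0:
            assigned.add(asg.group(1))
        depth += line.count("{") - line.count("}")
    return findings


if __name__ == "__main__":
    print(audit("articles.php", SOURCES) or "no unassigned include paths")
```

The match is textual, so differently quoted array keys or assignments made inside functions need a real PHP parser; treat an empty result as a prompt to read the included file, not as proof.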
