Bugtraq mailing list archives
Re: HitWeb v3.0 - Remote File Include Vulnerabilities
From: "Carsten Eilers" <ceilers-lists () gmx de>
Date: Wed, 20 Sep 2006 23:12:37 +0200
Hi,

erne () ernealizm com wrote on Fri, 15 Sep 2006 21:37:15 +0000:
# HitWeb v3.0 - Remote File Include Vulnerabilities
# site : http://www.comscripts.com/jump.php?action=script&id=12
# Vulnerable : http://www.site.com/[path]/index.php?REP_CLASS=[shell]
$REP_CLASS is initialized in conf/hitweb.conf, which is included at the top of this script. After that there is no manipulation possible, so there is no vulnerability. Same for the other reported scripts.

Where did you test this? If you found vulnerable servers, the phpconfig() of these could be helpful.

Regards
Carsten

--
Dipl.-Inform. Carsten Eilers
IT-Sicherheit und Datenschutz
<http://www.ceilers-it.de>
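The check described in the reply above (is `$REP_CLASS` assigned before any include that uses it?) can be scripted when triaging file-include reports. This is an added example, not part of the original message or of HitWeb: `triage` is a hypothetical helper, the PHP sources are constructed samples, and the line-based scan treats every assignment as unconditional, so a `True` result still needs a manual read.

```python
import re

INCLUDE = re.compile(r'\b(?:include|require)(?:_once)?\b\s*\(?\s*(.+?)\)?\s*;')
ASSIGN = re.compile(r'^\s*\$(\w+)\s*=(?!=)')
VAR = re.compile(r'\$(\w+)')
LITERAL = re.compile(r'''^["']([^"'$]+)["']$''')
TAINT = re.compile(r'\$_(?:GET|POST|REQUEST|COOKIE)\b')

# Constructed sample sources (not HitWeb's actual code); only the names
# index.php, conf/hitweb.conf and $REP_CLASS come from the thread.
SAMPLE_INIT_FIRST = {
    "index.php": '<?php\ninclude("conf/hitweb.conf");\n'
                 'include($REP_CLASS . "example.php");\n',
    "conf/hitweb.conf": '<?php\n$REP_CLASS = "class/";\n',
}
SAMPLE_NO_INIT = {
    "index.php": '<?php\ninclude($REP_CLASS . "example.php");\n',
}

def triage(entry, files):
    """Walk `entry` top to bottom, following literal includes, and return
    (file, line, variable, assigned_before_use) for each variable include."""
    assigned, findings, seen = set(), [], set()

    def walk(path):
        if path in seen or path not in files:
            return
        seen.add(path)
        for lineno, line in enumerate(files[path].splitlines(), 1):
            m = ASSIGN.match(line)
            if m:
                if TAINT.search(line):
                    assigned.discard(m.group(1))  # set from request input
                else:
                    assigned.add(m.group(1))
                continue
            m = INCLUDE.search(line)
            if not m:
                continue
            target = m.group(1).strip()
            lit = LITERAL.match(target)
            if lit:
                walk(lit.group(1))  # config file pulled in at this point
            else:
                findings.extend((path, lineno, v, v in assigned)
                                for v in VAR.findall(target))

    walk(entry)
    return findings
```

A `False` in the last field marks an include whose path variable has no earlier assignment in the walked files, which is the case worth checking against the server's PHP configuration.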