Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

blogsystem 1.4 >> local & remote = -rfi & lfi & -xss

From: info () hackerz ir
Date: 25 Apr 2007 15:25:46 -0000
demo: blog23.com
by : hackerz.ir userz !
ADMIN/index.php include($category."/".$folder."_".$page.".php");
ADMIN/index.php include($category."/".$action.".php");
ADMIN/login.php include($lngTexts);
ADMIN/login.php include($lngConfig);
BO/index.php    include($category."/".$folder."_".$page.".php");
BO/index.php    include($category."/".$action.".php");
BO/login.php    include($lngTexts);
BO/login.php    include($lngConfig);
for example remote :
++++++++++++++++++++++++++
login to your user after that u can user exploit >
ADMIN/index.php include($category."/".$folder."_".$page.".php");
+++++++++++++++++++++++++
local file include & remote file include in admin panel
BO/login.php    include($lngTexts);
BO/login.php    include($lngConfig);
Previous By Date Next
Previous By Thread Next

Current thread: