[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] PHP file vulnerable on SMF 1.1.10



When editing a file with vi or other editors it creates a temporary version
of the original appending next the filename a tilde (~), looks to me that's
the case.

2009/9/23 bro <tweetycoaster@xxxxxxxxx>

> In Simple Machine Forum application version 1.1.10,
> everybody can see some PHP files as like as index.php by any browsers
> just added "~" symbol to end of filename.
> examples:
> http://vulnsite.com/path_of_SMF/index.php~<http://vulnsite.com/path_of_SMF/index.php%7E>
> http://vulnsite.com/path_of_SMF/ssi_examples.php~<http://vulnsite.com/path_of_SMF/ssi_examples.php%7E>
> http://vulnsite.com/path_of_SMF/SSI.php~<http://vulnsite.com/path_of_SMF/SSI.php%7E>
>
>
> --
> I will never let you go ...
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
AM
Key ID: 0x5EB17EE7
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/