EUVD-2007-5574

Malware in sbrugna...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in awrate 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to 1 404.php or 2 topbar.php, different vectors than CVE-2006-6368...

CVE-2007-5599

CVE-2007-5599 affects awrate 1.0 with multiple PHP remote file inclusion (RFI) vulnerabilities. The issue allows remote attackers to execute arbitrary PHP code by supplying a URL in the toroot parameter used by (1) 404.php or (2) topbar.php, representing vectors distinct from CVE-2006-6368. The r...

Awrate Toroot参数远程文件包含漏洞

Awrate是一款基于PHP的WEB应用程序。 Awrate不充分过滤用户提交的URI输入，远程攻击者可以利用漏洞以WEB进程权限执行任意指令。 问题是'search.php'脚本对用户提交的'toroot'参数缺少过滤，指定远程服务器上的任意文件作为包含对象，可导致以进程权限执行任意指令。 awrate awrate 1.0 目前没有解决方案提供 !/usr/bin/perl Portal Name : awrate 1.0search.php Remote File Inclusion Exploit BUG:...

CVE-2006-6368

CVE-2006-6368 is a PHP remote file inclusion vulnerability affecting awrate 1.0. The initial description states that an attacker can trigger arbitrary PHP code execution by supplying a URL in the toroot parameter to login.php.inc/search.php. The connected documents also describe similar remote fi...

awrate.com Message Board 1.0 - 'search.php' Remote File Inclusion

!/usr/bin/perl Portal Name : awrate 1.0search.php Remote File Inclusion Exploit BUG: http://target/Path/search.php?toroot=http Vulnerable Code: includeonce"$toroot../commonphp/table.php.inc";; Bug Found DeltahackingTEAM Code :Dr.Trojan&Dr.Pantagon Download...

awrate.com Message Board 1.0 - search.php Remote File Inclusion

awrate.com Message Board 1.0 - search.php Remote File Inclusion !/usr/bin/perl Portal Name : awrate 1.0search.php Remote File Inclusion Exploit BUG: http://target/Path/search.php?toroot=http Vulnerable Code: includeonce"$toroot../commonphp/table.php.inc";; Bug Found DeltahackingTEAM Code...