19 matches found
Hitweb 3.0 REP_CLASS Multiple Remote File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/20060/info Hitweb is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing...
Hitweb <= 4.2.1 (REP_INC) Remote File Include Vulnerability
No description provided by source. !/usr/bin/env python coding: utf-8 import re from pocsuite.net import req from pocsuite.poc import Output, POCBase from pocsuite.utils import register class HitwebRemoteFileIncludePOCBase: vulID = '63807' version = '1' vulDate = '2006-08-08' author = ' '...
Hitweb <= 4.2.1 (REP_INC) Remote File Include Vulnerability
No description provided by source. Hitweb 4.2 Remote Include File CreW: ToxiC Bug Found By Drago84 Source Code: http://freshmeat.net/redir/hitweb/15633/urltgz/hitweb-4.2php.tgz Problem is: include "$REPINC/libdatabase.php"; Page: genpage-cgi.php Path: Declare $REPINC Expl:...
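Hitweb REP_INC Variable Remote File Inclusion Vulnerability
HITWEB is a site program based on PHP, PHPLib and MySQL that provides a collection of Internet sites in various categories. HITWEB has an input validation vulnerability when handling user requests; a remote attacker may exploit it to execute arbitrary commands on the server with the privileges of the web process. HITWEB's genpage-cgi.php script does not properly filter input to the REP_INC variable, which allows a remote attacker to include files from local or external resources and so execute arbitrary PHP code. A successful attack requires that register_globals is enabled. Hitweb Hitweb 4.2 The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version:...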
HITWEB Remote File Include
HITWEB 4.1 Class: Remote|Local File Include Vulnerability Remote: Yes Local: No Type: High site:http://www.hitweb.org/ Site Download: http://www.lbb.org/cgi-bin/script/telecharger.cgi?ID=2919 Author: xw0x Contact: [email protected] Vuln Code =================addlink.php3================ include...
HitWebv3.0.txt
ERNE ---- ERNEALiZM ---- BU ASK BiTMEZ---- HitWeb v3.0 - Remote File Include Vulnerabilities site : http://www.comscripts.com/jump.php?action=script&id=12 Script : HitWeb v3.0 Credits : ERNE Contact : [email protected] and irc.gigachat.net kurdhack Thanks : BLaCKWHITE, Blackened, Dilejyoner...
CVE-2006-4848
Multiple PHP remote file inclusion vulnerabilities in Brian Fraval Hitweb 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the REP_CLASS parameter to (1) index.php, (2) arbo.php, (3) framepoint.php, (4) genpage.php, (5) lienvalider.php, (6) appreciation.php, (7) partenariat.php, (8)...
CVE-2006-4848
Hitweb 3.0 is affected by PHP remote file inclusion vulnerabilities allowing an attacker to cause arbitrary PHP code execution by supplying a URL in the REP_CLASS parameter to a set of PHP files (index.php, arbo.php, framepoint.php, genpage.php, lienvalider.php, appreciation.php, partenariat.php,...
PT-2006-5603 · Hitweb · Hitweb
Name of the Vulnerable Software and Affected Versions: Hitweb versions 3.0 Description: The issue concerns remote file inclusion vulnerabilities in Hitweb 3.0, allowing remote attackers to execute arbitrary PHP code. This is achieved by providing a URL in the REP_CLASS parameter to various PHP...
HitWeb v3.0 - Remote File Include Vulnerabilities
ERNE ---- ERNEALiZM ---- BU ASK BiTMEZ---- HitWeb v3.0 - Remote File Include Vulnerabilities site : http://www.comscripts.com/jump.php?action=script&id=12 Script : HitWeb v3.0 Credits : ERNE Contact : [email protected] and irc.gigachat.net kurdhack Thanks : BLaCKWHITE, Blackened, Dilejyoner...
Hitweb 3.0 - REP_CLASS Multiple Remote File Inclusions
Hitweb 3.0 - REP_CLASS Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/20060/info Hitweb is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote...
Hitweb 3.0 - 'REP_CLASS' Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/20060/info Hitweb is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in...
CVE-2006-4113
PHP remote file inclusion vulnerability in genpage-cgi.php in Brian Fraval hitweb 4.2 and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the REP_INC parameter...
CVE-2006-4113
PHP remote file inclusion vulnerability in genpage-cgi.php in Brian Fraval hitweb 4.2 and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the REP_INC parameter...
CVE-2006-4113
The CVE-2006-4113 issue affects Brian Fraval’s HitWeb (genpage-cgi.php) in HitWeb 4.2 and possibly earlier versions, where the REP_INC parameter enables PHP remote file inclusion. This is a remote code execution vulnerability resulting from an insecure inclusion mechanism in genpage-cgi.php, allo...
[SA21430] hitweb "REP_INC" File Inclusion Vulnerability
Hitweb 4.2.1 - REP_INC Remote File Inclusion
Hitweb 4.2.1 - REP_INC Remote File Inclusion Hitweb 4.2 Remote Include File CreW: ToxiC Bug Found By Drago84 Source Code: http://freshmeat.net/redir/hitweb/15633/urltgz/hitweb-4.2php.tgz Problem is: include "$REPINC/libdatabase.php"; Page: genpage-cgi.php Path: Declare $REPINC Expl:...
Hitweb 4.2.1 - 'REP_INC' Remote File Inclusion
Hitweb 4.2 Remote Include File CreW: ToxiC Bug Found By Drago84 Source Code: http://freshmeat.net/redir/hitweb/15633/urltgz/hitweb-4.2php.tgz Problem is: include "$REPINC/libdatabase.php"; Page: genpage-cgi.php Path: Declare $REPINC Expl:...
Hitweb <= 4.2.1 (REP_INC) Remote File Include Vulnerability
Exploit for unknown platform in category web applications =========================================================== Hitweb <= 4.2.1 REP_INC Remote File Include Vulnerability =========================================================== Hitweb 4.2 Remote Include File CreW: ToxiC Bug Found By Drago84...