by r0t,der4444,cembo,VietMafia

Thursday, April 20, 2006

I-Rater Platinum - Remote File Inclusion Vuln

developer's site:
script: I-Rater Platinum
risk: critical
status: unpatched
discovered by: VietMafia

Vuln. Description:

This flaw is due to an input validation error in the "include/common.php"(line 3,4) that does not validate the "include_path" variable properly. Remote attackers can include
malicious scripts and execute arbitrary commands with the privileges of the web server




Blogger r0t told...

nice work bro! keep it comming!

7:50 AM

Blogger VietMafia told...

thanks r0t,

it can't be compared to your works!!!!

7:55 AM

Blogger r0t told...

he he.. of course you can...:)

10:11 AM

Blogger cembo told...

Good work!

1:35 PM


Post a Comment

<< Home

Copyright (c) 2006 Pridels Sec Crew