____________________   ___ ___ ________
\_   _____/\_   ___ \ /   |   \\_____  \
 |    __)_ /    \  \//    ~    \/   |   \
 |        \\     \___\    Y    /    |    \
/_______  / \______  /\___|_  /\_______  /
        \/         \/       \/         \/

                            .OR.ID
ECHO_ADV_57$2006

-----------------------------------------------------------------------------------------------
[ECHO_ADV_57$2006] Soholaunch Pro <=4.9 r36 Multiple Remote File Inclusion Vulnerability
-----------------------------------------------------------------------------------------------

Author         : Dedi Dwianto a.k.a the_day
Date Found     : October 31st, 2006
Location       : Indonesia, Jakarta
web            : http://advisories.echo.or.id/adv/adv57-theday-2006.txt
Critical Lvl   : Highly critical
Impact         : System access
Where          : From Remote
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : Soholaunch Pro Edition
version     : <=4.9 r46
URL         : http://www.soholaunch.com

Soholaunch Pro Edition is a software product that makes it easy for people of
all experience levels to create and maintain a great website. It reins in the
hard parts of building a website and presents them in a way that the non-geek
can understand and control.

---------------------------------------------------------------------------

Vulnerability:
~~~~~~~~~~~~~

I found a vulnerability in the script shared_functions.php

--------------------------shared_functions.php-----------------------------------
....