Exploit PHP Web Explorer 0.99b - 'edit.php?File' Traversal Local File Inclusion

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
32464
Проверка EDB
  1. Пройдено
Автор
PEPELUX
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2008-4499
Дата публикации
2008-10-06
Код:
source: https://www.securityfocus.com/bid/31595/info
 
PHP Web Explorer is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.
 
An attacker can exploit these vulnerabilities using directory-traversal strings to view local files and execute local scripts within the context of the webserver process. A successful attack can allow the attacker to obtain sensitive information or gain unauthorized access to an affected computer in the context of the vulnerable server.
 
PHP Web Explorer 0.99b is vulnerable; other versions may also be affected. 

http://www.example.com/edit.php?file=../../../etc/passwd
 
Источник
www.exploit-db.com

Похожие темы