- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 39281
- Проверка EDB
-
- Пройдено
- Автор
- 0X4148
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- N/A
- Дата публикации
- 2014-08-08
VoipSwitch - 'user.php' Local File Inclusion
Код:
source: https://www.securityfocus.com/bid/69109/info
VoipSwitch is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker can exploit this vulnerability to view files and execute local scripts in the context of the web server process. This may aid in further attacks.
https://www.example.com/user.php?action=../../../windows/win.ini%00.jpg- Источник
- www.exploit-db.com
