343 matches found
Особенности реализации PHP include.
Особенности реализации PHP Include. Введение. В данной заметке, я попытался объединить в одном месте все фичи, найденные в последнее время и позволяющие повысить эффективность атаки на основе PHP Include. Основы. Внедрение PHP-кода PHP Include — это уязвимость, заключающаяся в возможности внедрен...
OpenCSP Multiple Remote File Include Vulnerability
Exploit for unknown platform in category web applications ================================================== OpenCSP Multiple Remote File Include Vulnerability ==================================================...
Mambo Cache_Lite Class mosConfig_absolute_path Remote File Inclusion
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/projects/Framework/ require 'msf/core' class Metasploit3 'Mambo...
Acute Control Panel 1.0.0 RFI / SQL Injection
Acute Control Panel 1.0.0 RFI/SQL Injection Auth Bypass + Discovered By SirGod + www.mortal-team.org + www.h4cky0u.org + Remote File Inclusion Vulnerable code in container.php ----------------------------------------------------------- -----------------------------------------------------------...
MySpace Resource Script (MSRS) 1.21 RFI Vulnerability
Exploit for unknown platform in category web applications ===================================================== MySpace Resource Script MSRS 1.21 RFI Vulnerability ===================================================== MSRS v.1.21 Remote File Inclusion Author Site : http://www.myspacepros.com/ POC...
reloadcms-lfi.txt
New Advisory: ReloadCMS http://reloadcms.com Summary- Software: ReloadCMS Sowtwares Web Site: http://reloadcms.com/main/ Versions: 1.2.7 Critical Level: Moderate Type: Multiple Vulnerabilities Class: Remote Status: Unpatched PoC/Exploit: Available Solution: Not Available Discovered b...
ISS Proventia Appliance multiple security vulnerabilities
SSH user accounts detection, crossite scripting, PHP include, protection bypass...
Luckybot 3 - 'DIR' Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/21765/info Multiple remote file-include vulnerabilities affect Luckybot because the application fails to properly sanitize user-supplied input before using it in a PHP 'include' function call. An attacker may leverage these issues to execute arbitrary...
PHProjekt Content Management Module 0.6.1 - Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/19628/info Multiple remote file-include vulnerabilities affect the Content Management module for PHProjekt because the application fails to properly sanitize user-supplied input before using it in a PHP 'include' function call. An attacker may leverage...
Headline Portal Engine 0.x/1.0 - 'HPEInc' Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/19663/info Multiple remote file-include vulnerabilities affect HPE because the application fails to properly sanitize user-supplied input before using it in a PHP 'include' function call. An attacker may leverage these issues to execute arbitrary...
Nucleus CMS < 3.23 PLUGINADMIN.php DIR_LIBS Parameter Remote File Inclusion
Binary data 3633.prm...
phpwcms spaw_control.class.php spaw_root Parameter Remote File Inclusion
The remote host is running phpwcms, an open source content management system written in PHP. The version of phpwcms installed on the remote host fails to sanitize user-supplied input to the 'spawroot' parameter before using it in PHP include functions in the...
XOOPS xoopsConfig[language] Parameter Local File Inclusion (XOOPS_WFd205_xpl)
The remote installation of XOOPS fails to sanitize user-supplied input to the 'xoopsConfiglanguage' parameter of several xoopseditor scripts before using it in PHP 'include' functions. An unauthenticated attacker may be able to leverage these issues to read arbitrary local files and even execute...
pmachineExec.txt
This is a multi-part message in MIME format. ------=NextPart000000001C516AC.9C269F50 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit pMachine Pro / pMachine Free Remote Code Execution vendor website: http://www.pmachine.com I. BACKGROUND PMachine is one of the most...
[Full-Disclosure] pMachine Pro / pMachine Free Remote Code Execution
pMachine Pro / pMachine Free Remote Code Execution vendor website: http://www.pmachine.com I. BACKGROUND PMachine is one of the most flexible & creative on-line publishing tools available. With PMachine you can publish any kind of web content - from a basic weblog to an advanced, interactive...
PHP Include Exploit in Mail Manage EX v3.1.8 and maybe others.
Description: PHP Include Exploit in Mail Manage EX v3.1.8 Compromise: a malicious PHP script from an external host may be included and executed. Vulnerable Systems: all system using mmex.php v3.1.8 and maybe lower not tested. Details: The PHP Include exploit exist in de folowing code,...
PHP-Include-Hack-Possibility in phpforum 2 RC-1
================================================ ------------------------------------------------ ------------www.bright-shadows.net------------ ------------------------------------------------ --------------theblacksheep&erik-------------- ------------------------------------------------...
XSS and PHP include bug in W-Agora
I have found some bugs in W-Agora's forum configuration filesystem. In the page editform.php, an admin or root user can open any file, with the "PHP Include bug". A sample of the script: editform.php ?php the script gets the parameter "file", puts ".php" after this, and includes the file in the...
FreeNews & News Evolution (PHP)
Informations : °°°°°°°°°°°°°° Problem : Include files a ------------------- Product : Freenews Version : 2.1 Website : http://www.prologin.fr ---------------------- b ------------------- Product : News Evolution Versions : 1.0, 2.0 Website : http://www.phpevolution.net ---------------------- PHP...
ZeroBoard 4.1 - PHP Include File Arbitrary Command Execution
ZeroBoard 4.1 - PHP Include File Arbitrary Command Execution source: https://www.securityfocus.com/bid/5028/info Zeroboard is a PHP web board package available for the Linux and Unix platforms. Under some circumstances, it may be possible to include arbitrary PHP files. The head.php file does not...