MyWebland miniBloggie Fname远程文件包含漏洞

MyWebland miniBloggie是一款基于PHP的网络日记程序。 MyWebland miniBloggie不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是'clsfasttemplate.php'脚本对用户提交的'fname'参数缺少过滤，提交恶意的远程服务器作为包含对象，可导致以WEB进程权限执行任意PHP代码。 myWebland miniBloggie 1.0 http://mywebland.neopages.net/...

miniCWB <= 1.0.0 (contact.php) Local File Include Exploit

No description provided by source. ? print ' ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:+ +:+...

miniBloggie10.txt

--------------------------------------------------------------------------------------- miniBloggie 1.0 fname Remote File Inclusion --------------------------------------------------------------------------------------- Author : Sh3ll Date : 2006/05/01 HomePage : http://www.sh3ll.ir Contact :...

CVE-2006-4163

The CVE-2006-4163 entry concerns myWebland miniBloggie (versions 1.0 and earlier). The connected PT-2006-4995 and CVE/NVD records confirm a PHP remote file inclusion in cls_fast_template.php via the fname parameter, which could allow remote attackers to execute arbitrary PHP code. Some analyses n...

miniBloggie <= 1.0 (fname) Remote File Inclusion Vulnerability

--------------------------------------------------------------------------------------- miniBloggie 1.0 fname Remote File Inclusion --------------------------------------------------------------------------------------- Author : Sh3ll Date : 2006/05/01 HomePage : http://www.sh3ll.ir Contact :...