Agares Media ThemeSiteScript 'loadadminpage'远程文件包含漏洞

BUGTRAQ ID: 26998 CNCAN ID:CNCAN-2007122702 Agares Media ThemeSiteScript是一款基于PHP的WEB应用程序。 Agares Media ThemeSiteScript不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB权限执行任意PHP代码。 问题是由于'admin.php'脚本对用户提交的WEB参数缺少过滤，提交远程服务器上的任意文件作为包含对象，可导致以WEB权限执行任意PHP代码。 Agares Media ThemeSiteScript 1.0 目前没有解决方案提供：...

ThemeSiteScript 1.0 (index.php loadadminpage) RFI Vulnerability

No description provided by source. . . NN NNNN JNNN NNNN. NNN NNNNNNNNNNN NN NN NNN.NNNF .NNNNN NN """4NNN""" NN NN NNNNNN NNNNN NNN NNN NN NN 4NNNN NNNNNN.NNF NNN NN NN JNNNNL NN NNNNNN NNN NN NN JNNNNNN JNN NNNNN JNNF NN &nbs...

ThemeSiteScript 1.0 (index.php loadadminpage) RFI Vulnerability

Exploit for unknown platform in category web applications =============================================================== ThemeSiteScript 1.0 index.php loadadminpage RFI Vulnerability =============================================================== . . NN NNNN JNNN NNNN. NNN NNNNNNNNNNN NN NN...

Arcadem LE 2.04 - 'loadadminpage' Remote File Inclusion

Arcadem LE Exploit : http://localsite/path/admin/frontpageright.php?loadadminpage=File ========================================================= milw0rm.com 2007-12-21...