exploit-db-mirror/exploits/php/webapps/21448.txt
Offensive Security 36c084c351 DB: 2021-09-03
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00


source: https://www.securityfocus.com/bid/4722/info
XMB Forum 1.6 Magic Lantern allows remote users to conduct activities in the forum while bypassing normal logging functions. This is accomplished by submitting an arbitrary string as the "analized" variable to index.php. Log information is written only if this variable is empty, so submitting any string in it bypasses the logging.
In addition, log files (index_log.log and cplogfile.log) may be written with improper permissions, allowing users to retrieve them with a browser.
/forumpath/index.php?analized=anything
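
Because the forum's own log stays silent when "analized" is set, the web server access log is the independent record to check. The following is an added detection example, not part of the original advisory or of XMB: it flags requests to index.php that carry a non-empty "analized" query parameter and successful downloads of the two log files. The combined log format, the sample lines and the function names are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [03/Sep/2021:13:39:06 +0000] "GET /forumpath/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [03/Sep/2021:13:40:11 +0000] "GET /forumpath/index.php?analized=anything HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [03/Sep/2021:13:40:15 +0000] "GET /forumpath/index.php?analized= HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.4 - - [03/Sep/2021:13:41:02 +0000] "GET /forumpath/cplogfile.log HTTP/1.1" 200 20480 "-" "curl/7.68.0"
203.0.113.4 - - [03/Sep/2021:13:41:05 +0000] "GET /forumpath/index_log.log HTTP/1.1" 404 312 "-" "curl/7.68.0"
"""

# client, method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
LOG_FILES = {"index_log.log", "cplogfile.log"}  # file names given in the advisory


def classify(line):
    """Return (client, finding, target) for a suspicious line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, _method, target, status = m.groups()
    url = urlsplit(target)
    name = url.path.rsplit("/", 1)[-1]
    if name == "index.php":
        # keep_blank_values so "analized=" is seen and treated as empty
        values = parse_qs(url.query, keep_blank_values=True).get("analized", [])
        if any(v != "" for v in values):
            return (client, "logging-bypass", target)
    # Only a 2xx answer means the log file was actually handed out.
    if name in LOG_FILES and status.startswith("2"):
        return (client, "log-file-served", target)
    return None


def scan(text):
    """Classify every line of an access log and keep the findings."""
    return [hit for hit in map(classify, text.splitlines()) if hit]


if __name__ == "__main__":
    for client, finding, target in scan(SAMPLE_LOG):
        print(f"{finding:16} {client:15} {target}")
```

An access log records only the request line, so this covers the query-string form shown in the URL above.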