Crafty Syntax Live Help 3.1.2 – Remote File Inclusion / Full Path Disclosure

Exploit Database
17 阅读

作者： ITTIHACK

日期： 2013-04-19
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/38482/

source: https://www.securityfocus.com/bid/59322/info

Crafty Syntax Live Help is prone to a remote file-include vulnerability and a path-disclosure vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting these issues could allow an attacker to obtain sensitive information and compromise the application and the underlying system; other attacks are also possible.

Crafty Syntax Live Help versions 2.x and versions 3.x are vulnerable. 

File-include:

http://www.example.com/path/admin.php?page=[RFI]

Path-disclosure:

http://www.example.com/livehelp/xmlhttp.php

last Exploits
Crafty Syntax Live Help 3.1.2 – Remote File Inclusion / Full Path Disclosure的更多信息

GetSimple CMS v3.3.16 – Remote Code Execution (RCE)：
Domains Marketplace Script 1.1 – Authentication Bypass：
Manufacturer Website Design Script – SQL Injection：
Joomla! Component Vik Booking 1.7 – SQL Injection：
MarketSaz – Arbitrary File Upload：
WHMCompleteSolution (WHMCS) 3.x < 4.0.x - 'cart.php' Local File Disclosure：
Hampshire Trading Standards Script – SQL Injection：
Joomla! Component J-BusinessDirectory 4.6.8 – SQL Injection：