eFront 3.6.9 – ‘scripts.php’ Local File Inclusion

Exploit Database
110 阅读

作者： AutoSec Tools

日期： 2011-05-16
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/35757/

source: https://www.securityfocus.com/bid/47870/info

eFront is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible.

eFront 3.6.9 build 10653 is vulnerable; other versions may also be affected.

http://www.example.com/efront/www/js/scripts.php?load=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00

last Exploits
eFront 3.6.9 – ‘scripts.php’ Local File Inclusion的更多信息

WordPress Plugin Events Calendar – ‘event_id’ SQL Injection：
Joomla! Component Full Social 1.1.0 – ‘search_query’ SQL Injection：
Elxis CMS 2009 – ‘administrator/index.php’ URI Cross-Site Scripting：
Joomla! Component Job – SQL Injection：
BitZoom 1.0 – ‘rollno’ SQL Injection：
CS-Cart 2.2.1 – ‘products.php’ SQL Injection：
UK One Media CMS – ‘id’ Error-Based SQL Injection：
Prontus CMS – ‘page’ Cross-Site Scripting：