XOOPS 2.5 – ‘imagemanager.php’ Local File Inclusion

Exploit Database
74 阅读

作者： KedAns-Dz

日期： 2011-04-18
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/35632/

source: https://www.securityfocus.com/bid/47418/info

XOOPS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view arbitrary local files within the context of the webserver process. Successfully exploiting this issue may lead to other attacks.

XOOPS 2.5.0 is vulnerable; other versions may also be affected. 

http://www.example.com/[path]/imagemanager.php?target=/../../../../../../../../boot.ini%00&op=upload

last Exploits
XOOPS 2.5 – ‘imagemanager.php’ Local File Inclusion的更多信息

openITCOCKPIT 3.6.1-2 – Cross-Site Request Forgery：
Isshue Shopping Cart 3.5 – ‘Title’ Cross Site Scripting (XSS)：
AutoCar 1.1 – ‘category’ SQL Injection：
CodoForum 3.2.1 – SQL Injection：
banana dance b.2.6 – Multiple Vulnerabilities：
Php Inventory – Arbitrary File Upload：
Home of Viral Images, Videos and Articles Script – SQL Injection：
damianov.net Shoutbox – Cross-Site Scripting：