Crafty Syntax Live Help 3.1.2 – Remote File Inclusion / Full Path Disclosure

Exploit Database
116 阅读

作者： ITTIHACK

日期： 2013-04-19
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/38482/

source: https://www.securityfocus.com/bid/59322/info

Crafty Syntax Live Help is prone to a remote file-include vulnerability and a path-disclosure vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting these issues could allow an attacker to obtain sensitive information and compromise the application and the underlying system; other attacks are also possible.

Crafty Syntax Live Help versions 2.x and versions 3.x are vulnerable.

File-include:

http://www.example.com/path/admin.php?page=[RFI]

Path-disclosure:

http://www.example.com/livehelp/xmlhttp.php

last Exploits
Crafty Syntax Live Help 3.1.2 – Remote File Inclusion / Full Path Disclosure的更多信息

FileRun < 2017.09.18 - SQL Injection：
Deluge Web UI 1.3.13 – Cross-Site Request Forgery：
Hitmaaan Gallery 1.3 – Multiple Cross-Site Scripting Vulnerabilities：
WordPress Plugin mukioplayer4wp – ‘cid’ SQL Injection：
Car Rental Management System 1.0 – Remote Code Execution (Authenticated)：
PimpMyLog v1.7.14 – Improper access control：
FLIR AX8 Thermal Camera 1.32.16 – RTSP Stream Disclosure：
Joomla! Component redSHOP 1.0 – Local File Inclusion：