----------------------
Anonymous - 21 January 2015 at 04:37
To be clear, you have to know the administrator username and password of the site in order to be able to carry this out. But if you already know these then you can do pretty much anything you want with the site anyway, eg add your own php code to the template to include any file you want, so why do you need to do things this way.
It is hard to see why you think this is a real exploit.-----------------------
--------------------------------------------------------
Haunt IT - 21 January 2015 at 05:46
Hi, first of all: thanks for watching. Ad. your comment: yes, you need admin's credentials to exploit this vulnerability, yes, you can add your own PHP code to templates as well (when you have those credentials). In some CMSs, probably you can even run SQL query directly from the webapp... but
This post is not about super cool & advanced new hacking extreem technique. This post was published to help guys to learn how to write your own modules for Metasploit -------------------------------------------------------------
Perchè è stato rimossa l'estensione?
Di chi è la responsabilità di verificare nella JED?
Chi ha la responsabilità di verificare ha i "numeri" per farlo?
