PHPMySMS gateway.php远程文件包含漏洞

BUGTRAQ ID: 18633 PHPMySMS是一款开放源码的用PHP实现的基于Web的短信解决方案。 PHPMySMS的实现上存在输入验证漏洞，远程攻击者可能利用此漏洞在服务器上执行任意命令。 远程攻击者可以利用PHPMySMS的gateway.php文件中的远程文件包含漏洞执行任意PHP代码。漏洞代码如下： ============================================================== if $POSTmode == "1" or $GETmode == "1" include "config.php"; else include...

CVE-2006-3300

PHP remote file inclusion vulnerability in smsconfig/gateway.php in PhpMySms 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ROOTPATH parameter...

CVE-2006-3300

CVE-2006-3300 describes a PHP remote file inclusion in PhpMySms 2.0 (and earlier) triggered via the ROOT_PATH parameter in sms_config/gateway.php. The underlying issue is that user-supplied URLs are used in a context that allows code execution, enabling an attacker to run arbitrary PHP code on th...

EUVD-2006-3297

PHP remote file inclusion vulnerability in smsconfig/gateway.php in PhpMySms 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ROOTPATH parameter...

CVE-2006-3300

PHP remote file inclusion vulnerability in smsconfig/gateway.php in PhpMySms 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ROOTPATH parameter...

phpMySms 2.0 - ROOT_PATH Remote File Inclusion

phpMySms 2.0 - ROOTPATH Remote File Inclusion PhpMySms = V2.0 ROOTPATH Remote File Include Vulnerability URL : Http://www.phpmysms.com Author=Persian-Defacer www.Hacking-Boys.com ============================================================== if $POSTmode == "1" or $GETmode == "1" include...

phpMySms 2.0 - 'ROOT_PATH' Remote File Inclusion

PhpMySms = V2.0 ROOTPATH Remote File Include Vulnerability URL : Http://www.phpmysms.com Author=Persian-Defacer www.Hacking-Boys.com ============================================================== if $POSTmode == "1" or $GETmode == "1" include "config.php"; else include "$ROOTPATH/config.php";...

phpMySms 2.0 (ROOT_PATH) Remote File Include Vulnerability

No description provided by source. PhpMySms = V2.0 ROOTPATH Remote File Include Vulnerability URL : Http://www.phpmysms.com Author=Persian-Defacer www.Hacking-Boys.com ============================================================== if $POSTmode == "1" or $GETmode == "1" include "config.php"; else...

phpMySms 2.0 (ROOT_PATH) Remote File Include Vulnerability

Exploit for unknown platform in category web applications ========================================================== phpMySms 2.0 ROOTPATH Remote File Include Vulnerability ========================================================== PhpMySms = V2.0 ROOTPATH Remote File Include Vulnerability URL :...