This is a technical writeup detailing a Local File Inclusion (LFI) vulnerability in phpMyBackupPro <= 2.2. The vulnerability arises from improper handling of the 'lang' parameter in config.php, allowing an attacker to include arbitrary files via path traversal when magic_quotes_gpc is disabled.
Classification
Writeup 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:phpMyBackupPro <= 2.2
No auth needed
Prerequisites:magic_quotes_gpc = Off · Access to the config.php endpoint