This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in PlaySMS <= 0.9.5.2. The vulnerability arises from improper input validation in the `apps_path[themes]` parameter, allowing an attacker to include remote PHP files.
Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:PlaySMS <= 0.9.5.2
No auth needed
Prerequisites:Network access to the target · PHP remote file inclusion enabled on the server