[VIM] false: phpContact Multiple Remote File Inclusion Vulnerabilities
str0ke
str0ke at milw0rm.com
Fri Apr 6 16:01:53 UTC 2007
//Source: http://codewand.org/download/phpContact.zip
contact_business.php
----------------------------------------
include("include/include_preferences.inc.php");
include($include_path . "include_session.inc.php");
include($include_path . "include_mysql_connect.inc.php");
include_preferences.inc.php
----------------------------------------
$include_path = "include/"; // Where include files reside relative
to index_.php file
/str0ke
---------- Forwarded message ----------
From: rko.thelegendkiller at gmail.com <rko.thelegendkiller at gmail.com>
Date: 6 Apr 2007 07:19:53 -0000
Subject: phpContact Multiple Remote File Inclusion Vulnerabilities
To: bugtraq at securityfocus.com
/* phpContact Multiple Remote File Inclusion Vulnerabilities */
//Author: Arham Muhammad
//Vulnerable Files: /contact_business.php, /contact_person.php
//Source: http://codewand.org/download/phpContact.zip
//Vulnerable Code: include($include_path . "include_session.inc.php");
//Expl0it: http://victim/path/contact_business.php?include_path=shell.txt?
// http://victim/path/contact_person.php?include_path=shell.txt?
//Greets: Usman,tushy,Hackman,str0ke
More information about the VIM
mailing list