[VIM] false: bloofoxCMS 0.2.2 Remote File Include Vulnerability
GM darkfig
gmdarkfig at gmail.com
Sun Apr 15 12:46:22 UTC 2007
Link: http://www.securityfocus.com/archive/1/465739/30/0/threaded
Author: the_3dit0r at yahoo.com
Quote from the thread:
"www.example.com/[path]/install/index.php?content_php=[shell-Script]"
install/index.php:
    include(SYS_WORK_DIR."/page_handler.php");
page_handler.php:
    case '3':
        $content_title = $strStep3;
        $content_html = "step3.html";
        $content_php = "step3.php";
        break;
    case '2':
        $content_title = $strStep2;
        $content_html = "step2.html";
        $content_php = "step2.php";
        break;
    [...]
install/index.php (after):
    include(SYS_WORK_DIR."/".$content_php);
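
The data flow quoted above, modelled as an added example that is not part of the original message and is not bloofoxCMS code: a request-supplied content_php is placed in scope first, then the step switch assigns the variable before it reaches the include. The function name resolve_step(), the 'step' parameter, the default branch and 'step1.php' are assumptions made for the illustration.

```php
<?php
// Added illustration, not bloofoxCMS code. resolve_step(), the 'step'
// request key, the default branch and 'step1.php' are hypothetical.

function resolve_step(array $request): string
{
    // Simulate register_globals: every request key becomes a variable
    // in scope before the handler logic runs. (Simulation only.)
    extract($request, EXTR_OVERWRITE);

    // Same shape as the quoted page_handler.php switch: each case
    // assigns $content_php, replacing whatever the request supplied.
    switch ($step ?? '1') {
        case '3':
            $content_php = 'step3.php';
            break;
        case '2':
            $content_php = 'step2.php';
            break;
        default:
            // Triage point: if any path through the switch left
            // $content_php unassigned, the request value would survive
            // to the include. Assigning on every path closes that.
            $content_php = 'step1.php';
    }
    return $content_php;
}

// Constructed sample requests; the content_php value is a placeholder.
$samples = [
    ['step' => '2', 'content_php' => 'REQUEST-SUPPLIED-VALUE'],
    ['step' => '9', 'content_php' => 'REQUEST-SUPPLIED-VALUE'],
    ['content_php' => 'REQUEST-SUPPLIED-VALUE'],
];

$allowed = ['step1.php', 'step2.php', 'step3.php'];
foreach ($samples as $req) {
    $target = resolve_step($req);
    // The include target must always be one of the fixed file names.
    if (!in_array($target, $allowed, true)) {
        fwrite(STDERR, "request value reached the include target\n");
        exit(1);
    }
    echo json_encode($req), ' -> ', $target, PHP_EOL;
}
```

When triaging a report like this one, the check that matters is that the variable is assigned on every path before the include, not only in the cases that happen to be quoted.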