> Advanced Guestbook <=- 2.4.2 (include_path) Remote File Include > Vulnerability Bogus > code :. > > require_once $include_path."/admin/config.inc.php"; > require_once $include_path."/lib/$DB_CLASS"; > require_once $include_path."/lib/image.class.php"; > require_once $include_path."/lib/template.class.php"; Line above: $include_path = dirname(__FILE__); So your proposed "exploit" does not work. Please STOP reporting fake web vulns. Stefano
