This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in 4images 1.7.8 by injecting a shell URL via the 'db_servertype' parameter in global.php. The exploit is trivial and relies on the target server's allow_url_include setting being enabled.
Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:4images v1.7.8
No auth needed
Prerequisites:PHP allow_url_include enabled · Remote shell accessible via URL