This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in DDLCMS v2.1 due to an undefined 'skin' parameter in the 'thanks.php' file. Attackers can inject arbitrary PHP code via a URL, leading to remote code execution.
Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: DDLCMS v2.1
No auth needed
Prerequisites: Access to the target URL · PHP remote file inclusion enabled on the server