This exploit demonstrates a remote file inclusion vulnerability in Froxlor v0.9.15 via the 'id' parameter in customer_ftp.php. It requires PHP 4.x.x and allows an attacker to include arbitrary files by manipulating the 'id' parameter.
Classification
Working Poc 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:Froxlor v0.9.15
No auth needed
Prerequisites:PHP 4.x.x environment · Access to the customer_ftp.php endpoint