This is a writeup describing a Remote File Inclusion (RFI) vulnerability in PHPIDS 0.4. The vulnerability arises from insecure include paths, allowing an attacker to include arbitrary remote files via the 'path' parameter.
Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target:PHPIDS 0.4
No auth needed
Prerequisites:PHP version >= 5.1.6 · Remote file inclusion enabled in PHP configuration