I am trying to patch my php fusion to a new vulnerability. But I don't under the vulnerability fully.Please see here first: http://www.exploit-db.com/exploits/14647/\[code\]=================Exploit=================maincore.php
----exploit----http://{localhost}/{path}/maincore.php?folder_level=LFI\[/code\]I know what a Local File Inclusion is but how does just setting a get variable make it into the piece of code that was shown, it doesn't even make use of the get variable!!Thanks to anyone clearing this up. I want to patch this, if there is anything to patch!
PHP:
// Locate config.php and set the basedir path$folder_level = ""; $i = 0;while (!file_exists($folder_level."config.php")) { $folder_level .= "../"; $i++; if ($i == 5) { die("Config file not found"); }}require_once $folder_level."config.php";define("BASEDIR", $folder_level);